
Solved Audio issues

Discussion in 'Malware and Virus Removal Archive' started by ranatlas, 2015/09/01.

  1. 2015/09/01
    ranatlas (Inactive, Thread Starter)

    [Solved] Audio issues

    Hello,

    My name is Randy and this is the first time I've posted in Malware and Virus Removal.

    A little background: My posting in this forum began when I started a thread approx. one month ago in the Windows XP section... that thread is titled "Lost some of my audio, sound card is okay".

    Anyway, Evan Omo pointed me here after I started another thread in Windows XP titled "Recycle Bin has way too many files in it". Prior to seeing Evan's reply, I scanned my PC with Spybot - Search & Destroy, which found more than 50 threats, which have been removed.

    I restored the files that were in the Recycle Bin.

    So here I am; I have read the necessary steps and I hope I'm not deviating from them at all. If I am, I apologize.

    I downloaded and ran Farbar Recovery Scan Tool, and I will post the two logs -- FRST.txt and Addition.txt. Because of their length I will do this in another message or two (or three...) :)

    Thanks in advance,
    Randy
     
    Last edited: 2015/09/01
  2. 2015/09/01
    ranatlas (Inactive, Thread Starter)

    Here is the text from the file FRST.txt:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2015
    Ran by Randy (administrator) on RANDY-821A2FC76 (01-09-2015 23:21:31)
    Running from C:\Documents and Settings\Randy\My Documents\Downloads
    Loaded Profiles: Randy (Available Profiles: Randy & UpdatusUser & Mary Kay & Sofia & Papa & Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Freemake) C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
    (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
    (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    HKLM Group Policy restriction on software: %localAppData%\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %AppData%\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %AppData%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-10] (AVAST Software)
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => No File
    ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll [2015-04-15] (SmartSoft Ltd.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
    Hosts: Hosts file not detected in the default directory
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{60CF82EE-E530-49B9-87AF-DE2029CC503E}: [NameServer] 156.154.70.22,156.154.71.22
    Tcpip\..\Interfaces\{60CF82EE-E530-49B9-87AF-DE2029CC503E}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-117609710-2000478354-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    HKU\S-1-5-21-117609710-2000478354-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
    HKU\S-1-5-21-117609710-2000478354-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-117609710-2000478354-725345543-1003 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-117609710-2000478354-725345543-1003 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
    BHO: No Name -> {410EAFBA-D5A4-0A01-9A7F-57C27CAEB7CD} -> No File
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-12] (Oracle Corporation)
    BHO: No Name -> {788019A8-7243-E343-0595-B602FAA4B15C} -> No File
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-10] (AVAST Software)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-12] (Oracle Corporation)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
    Toolbar: HKU\S-1-5-21-117609710-2000478354-725345543-1003 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
    DPF: {00000055-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1311448594859
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Randy\Application Data\Mozilla\Firefox\Profiles\9rcldx25.default-1439164470718
    FF DefaultSearchEngine: Yahoo!
    FF DefaultSearchEngine.US: Yahoo!
    FF SelectedSearchEngine: Yahoo!
    FF Homepage: google.com
    FF Keyword.URL: hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=926458&p=
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-26] ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-12] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-12] (Oracle Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF user.js: detected! => C:\Documents and Settings\Randy\Application Data\Mozilla\Firefox\Profiles\9rcldx25.default-1439164470718\user.js [2015-08-10]
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\Comcat.dll [1996-10-31] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLAUNCH.dll [2008-01-08] (PagePath Technologies, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Randy\Application Data\mozilla\plugins\ieatgpc.dll [2012-02-22] (Cisco WebEx LLC)
    FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Randy\Application Data\mozilla\plugins\npatgpc.dll [2012-02-22] (Cisco WebEx LLC)
    FF SearchPlugin: C:\Documents and Settings\Randy\Application Data\Mozilla\Firefox\Profiles\9rcldx25.default-1439164470718\searchplugins\zonealarm.xml [2015-08-10]
    FF Extension: avast! Ad Blocker - C:\Program Files\Mozilla Firefox\extensions\adblocker@avast.com.xpi [2015-08-28]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-02-24]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-10]

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://www.google.com/ ", "https://webmail.earthlink.net/ "
    CHR DefaultSuggestURL: Default -> https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
    CHR Profile: C:\Documents and Settings\Randy\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Video AdBlock for Chrome) - C:\Documents and Settings\Randy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd [2015-08-25]
    CHR Extension: (Dizziness Support Group of WNY - Prov...) - C:\Documents and Settings\Randy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\efpgfafnibbifjojlbdhplfkafmcocho [2015-07-23]
    CHR Extension: (Avast Online Security) - C:\Documents and Settings\Randy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-11]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Randy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-15]
    CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Randy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-15]
    CHR HKLM\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - http://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-08-10]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-10]
    CHR HKU\S-1-5-21-117609710-2000478354-725345543-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - http://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-10] (AVAST Software)
    R2 Freemake Improver; C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-06-18] (Freemake) [File not signed]
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-08-01] (Malwarebytes Corporation)
    S4 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2009-09-16] (Intuit) [File not signed]
    S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2006-11-09] (Intuit Inc.) [File not signed]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2013-08-05] (Cisco Systems, Inc.) [File not signed]
    R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
    S3 AgereSoftModem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [1197740 2003-09-23] (Agere Systems) [File not signed]
    S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
    R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-08-10] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-08-10] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-08-10] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-08-10] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788784 2015-08-10] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433264 2015-08-10] (AVAST Software)
    R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [161472 2015-08-10] (AVAST Software)
    S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-08-10] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-08-10] (AVAST Software)
    R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2013-09-10] () [File not signed]
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
    R3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
    R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
    S3 GTNDIS5; C:\WINDOWS\system32\GTNDIS5.SYS [15872 2003-09-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 JL2005C; C:\WINDOWS\System32\Drivers\jl2005c.sys [68762 2008-03-11] (Windows (R) 2000 DDK provider) [File not signed]
    S3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [30360 2011-09-02] (Logitech, Inc.)
    S3 m4301a; C:\WINDOWS\System32\DRIVERS\m4301A.sys [141990 2004-12-21] (ALinx Corporation)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-08-01] (Malwarebytes Corporation)
    S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
    S3 RTL8192su; C:\WINDOWS\System32\DRIVERS\RTL8192su.sys [594048 2009-11-13] (Realtek Semiconductor Corporation ) [File not signed]
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 USB_RNDIS; C:\WINDOWS\System32\DRIVERS\usb8023.sys [12928 2013-02-11] (Microsoft Corporation)
    S3 WsAudioDevice_383; C:\WINDOWS\System32\drivers\WsAudioDevice_383.sys [16640 2011-11-17] (Wondershare) [File not signed]
    S3 ALSysIO; \??\C:\DOCUME~1\Randy\LOCALS~1\Temp\ALSysIO.sys [X]
    S0 hkrwaict; System32\drivers\xyje.sys [X]
    S4 IntelIde; no ImagePath
    U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74336 2014-06-11] (Kaspersky Lab ZAO)
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
    U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
    U1 WS2IFSL; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-01 23:21 - 2015-09-01 23:21 - 00000000 ___DC C:\FRST
    2015-09-01 18:45 - 2015-09-01 18:46 - 00000000 ____D C:\Documents and Settings\Randy\Desktop\Contents of Recycling Bin Sept 1 2015
    2015-08-30 17:38 - 2015-08-30 17:38 - 00001685 _____ C:\Documents and Settings\Randy\Desktop\missing.reg
    2015-08-29 16:42 - 2015-08-29 16:42 - 00002741 _____ C:\Documents and Settings\Randy\Desktop\MRS JOY PRAISE 419 email.txt
    2015-08-29 16:37 - 2015-08-29 16:37 - 00000000 _____ C:\Documents and Settings\Randy\Desktop\New Text Document.txt
    2015-08-28 22:14 - 2015-08-31 20:06 - 00000000 ____D C:\Program Files\File Download ActiveX
    2015-08-28 22:09 - 2015-08-28 22:19 - 00001567 _____ C:\Documents and Settings\Randy\Desktop\missing.reg.reg
    2015-08-28 10:18 - 2015-08-28 10:18 - 00007431 _____ C:\WINDOWS\KB973904.log
    2015-08-28 10:18 - 2015-08-28 10:18 - 00007232 _____ C:\WINDOWS\KB2485663.log
    2015-08-28 10:18 - 2015-08-28 10:18 - 00000580 _____ C:\WINDOWS\updspapi.log
    2015-08-28 09:56 - 2015-08-28 09:58 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2015-08-27 15:15 - 2015-08-27 15:15 - 00000730 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    2015-08-27 15:15 - 2015-08-27 15:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
    2015-08-27 14:53 - 2015-08-27 14:53 - 00000000 _____ C:\Documents and Settings\Randy\dir
    2015-08-27 14:38 - 2007-10-02 03:10 - 00000009 _____ C:\Documents and Settings\Randy\My Documents\run.bat
    2015-08-27 14:09 - 2015-08-27 14:19 - 00000000 ____D C:\Documents and Settings\Randy\Desktop\HUTIL for Samsung HDD
    2015-08-26 23:30 - 2015-08-28 10:18 - 00014184 _____ C:\WINDOWS\KB979687.log
    2015-08-26 23:30 - 2015-08-28 10:18 - 00012899 _____ C:\WINDOWS\KB978706.log
    2015-08-26 23:30 - 2015-08-28 10:18 - 00000000 ___HD C:\WINDOWS\$hf_mig$
    2015-08-26 19:42 - 2015-08-27 13:55 - 00003566 _____ C:\WINDOWS\setupapi.log
    2015-08-26 19:20 - 2015-08-26 19:20 - 00000000 ____D C:\Documents and Settings\Randy\Application Data\Macromedia
    2015-08-26 18:30 - 2015-08-26 18:30 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
    2015-08-26 18:30 - 2015-08-26 18:30 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Mozilla
    2015-08-26 15:28 - 2015-08-26 15:28 - 00000799 _____ C:\Documents and Settings\Randy\Start Menu\Programs\Windows Media Player.lnk
    2015-08-25 22:37 - 2015-08-25 22:37 - 00000000 ____D C:\Documents and Settings\All Users\BackupNowEZ
    2015-08-25 22:34 - 2015-08-25 22:34 - 00000933 _____ C:\Documents and Settings\Randy\Desktop\Should I Remove It.lnk
    2015-08-25 22:34 - 2015-08-25 22:34 - 00000000 __SHD C:\WINDOWS\system32\AI_RecycleBin
    2015-08-25 22:34 - 2015-08-25 22:34 - 00000000 ____D C:\Program Files\Reason
    2015-08-25 20:56 - 2015-08-25 20:56 - 00000000 ____D C:\Documents and Settings\Randy\Application Data\MPC-HC
    2015-08-25 19:33 - 2015-08-25 19:33 - 00000658 _____ C:\WINDOWS\Tasks\klcp_update.job
    2015-08-25 19:31 - 2015-08-25 19:31 - 00000837 _____ C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
    2015-08-25 19:31 - 2015-08-25 19:31 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
    2015-08-25 19:31 - 2015-08-24 14:00 - 00112128 _____ C:\WINDOWS\system32\ff_vfw.dll
    2015-08-25 19:31 - 2015-06-22 09:25 - 00240128 _____ C:\WINDOWS\system32\xvidvfw.dll
    2015-08-25 19:31 - 2015-06-22 09:24 - 00655872 _____ C:\WINDOWS\system32\xvidcore.dll
    2015-08-25 19:31 - 2015-02-28 11:21 - 03591680 _____ (x264vfw project) C:\WINDOWS\system32\x264vfw.dll
    2015-08-25 19:31 - 2012-07-21 06:54 - 00122880 _____ (fccHandler) C:\WINDOWS\system32\ac3acm.acm
    2015-08-25 19:31 - 2011-12-07 13:32 - 00216064 _____ ( ) C:\WINDOWS\system32\lagarith.dll
    2015-08-25 19:31 - 2011-06-22 10:14 - 00000714 _____ C:\WINDOWS\system32\ff_vfw.dll.manifest
    2015-08-25 19:18 - 2015-08-25 19:18 - 00000000 ___DC C:\K-Lite Codec Pack Mega 1140
    2015-08-25 19:15 - 2015-08-25 19:16 - 00000000 ___DC C:\Codecs from MeGUI
    2015-08-23 08:56 - 2015-08-23 09:22 - 00000000 ___DC C:\Mom
    2015-08-22 23:07 - 2015-08-22 23:09 - 00000000 ___DC C:\i386
    2015-08-22 09:01 - 2015-08-22 09:01 - 00000000 ____D C:\Documents and Settings\Sofia.RANDY-821A2FC76\Application Data\Canon
    2015-08-22 09:01 - 2015-08-22 09:01 - 00000000 ____D C:\Documents and Settings\Sofia.RANDY-821A2FC76\Application Data\AVAST Software
    2015-08-20 15:52 - 2015-08-20 15:52 - 00000905 _____ C:\Documents and Settings\All Users\Desktop\WinX DVD Author.lnk
    2015-08-20 15:52 - 2015-08-20 15:52 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WinX DVD Author
    2015-08-19 23:22 - 2015-09-01 20:04 - 00344262 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-18-0.dat
    2015-08-19 18:07 - 2015-08-19 18:07 - 00000000 ____D C:\Documents and Settings\Randy\Local Settings\Application Data\FreemakeVideoConverter
    2015-08-19 18:06 - 2015-08-19 18:08 - 00000000 ____D C:\Documents and Settings\Randy\My Documents\Freemake
    2015-08-19 18:05 - 2015-08-19 18:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Freemake
    2015-08-19 18:05 - 2015-08-19 18:05 - 00000000 ____D C:\Program Files\Common Files\Freemake Shared
    2015-08-19 18:05 - 2015-08-19 18:05 - 00000000 ____D C:\Documents and Settings\Randy\Start Menu\Programs\Freemake
    2015-08-19 18:05 - 2015-08-19 18:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Freemake
    2015-08-19 18:04 - 2015-08-19 18:05 - 00000000 ____D C:\Program Files\Freemake
    2015-08-19 10:02 - 2015-08-19 10:04 - 00000000 ____D C:\Documents and Settings\Randy\Desktop\Videos d-loaded
    2015-08-18 23:43 - 2015-08-19 10:10 - 00001119 _____ C:\Documents and Settings\Randy\Application Data\burnaware.ini
    2015-08-18 23:12 - 2015-08-20 12:59 - 00014205 _____ C:\Documents and Settings\Randy\My Documents\starburn.txt
    2015-08-18 23:12 - 2015-08-20 12:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB952011$
    2015-08-18 23:09 - 2015-08-20 12:59 - 00000000 ____D C:\Documents and Settings\Randy\My Documents\Wondershare DVD Creator
    2015-08-18 11:14 - 2015-08-21 11:55 - 00049664 ___SH C:\Documents and Settings\Randy\My Documents\Thumbs.db
    2015-08-17 23:04 - 2015-08-25 19:21 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\4A8353F3.sys
    2015-08-13 18:07 - 2015-08-18 11:14 - 00000000 ____D C:\Documents and Settings\Randy\My Documents\FB stuff
    2015-08-12 12:11 - 2015-08-12 12:18 - 00096352 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
    2015-08-11 12:50 - 2015-09-01 22:45 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-08-11 12:50 - 2015-08-26 19:24 - 00778440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2015-08-11 12:50 - 2015-08-26 19:24 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2015-08-10 22:20 - 2015-08-10 22:20 - 00000000 ____D C:\Documents and Settings\Randy\Local Settings\Application Data\Privatefirewall
    2015-08-10 22:18 - 2015-08-10 22:18 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Privacyware
    2015-08-10 21:58 - 2015-08-10 21:58 - 00000000 ____D C:\Documents and Settings\Randy\Application Data\AVAST Software
    2015-08-10 21:57 - 2015-08-10 21:57 - 00001700 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
    2015-08-10 21:57 - 2015-08-10 21:57 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
    2015-08-10 21:56 - 2015-09-01 22:16 - 00000362 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
    2015-08-10 21:56 - 2015-08-10 21:56 - 00788784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2015-08-10 21:56 - 2015-08-10 21:56 - 00433264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2015-08-10 21:56 - 2015-08-10 21:56 - 00313472 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2015-08-10 21:56 - 2015-08-10 21:56 - 00208664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2015-08-10 21:56 - 2015-08-10 21:56 - 00161472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
    2015-08-10 21:56 - 2015-08-10 21:56 - 00076000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2015-08-10 21:56 - 2015-08-10 21:56 - 00057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
    2015-08-10 21:56 - 2015-08-10 21:56 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
    2015-08-10 21:56 - 2015-08-10 21:56 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2015-08-10 21:56 - 2015-08-10 21:56 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2015-08-10 21:56 - 2015-08-10 21:56 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2015-08-10 21:54 - 2015-08-10 21:54 - 00000000 ____D C:\Program Files\AVAST Software
    2015-08-10 18:22 - 2015-08-26 19:42 - 00000000 ____D C:\WINDOWS\LastGood
    2015-08-10 18:22 - 2015-08-10 18:23 - 00000000 ___DC C:\b51b393cbb54452c6a539ada5b55
    2015-08-10 14:07 - 2015-08-22 09:21 - 00688246 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-117609710-2000478354-725345543-1007-0.dat
    2015-08-09 22:11 - 2015-08-20 15:52 - 00000000 ____D C:\Documents and Settings\Randy\Application Data\Digiarty
    2015-08-09 22:10 - 2015-08-20 15:52 - 00000000 ____D C:\Program Files\Digiarty
    2015-08-09 21:21 - 2015-08-10 16:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Anvisoft
    2015-08-09 21:20 - 2015-08-10 16:54 - 00000000 ____D C:\Program Files\Anvisoft
    2015-08-09 21:00 - 2015-08-09 21:00 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
    2015-08-09 19:51 - 2015-08-09 19:51 - 00000734 _____ C:\WINDOWS\system32\Drivers\etc\hosts.txt
    2015-08-09 19:28 - 2015-09-01 22:48 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-08-09 19:28 - 2015-09-01 22:34 - 00000978 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-2000478354-725345543-1003UA.job
    2015-08-09 19:28 - 2015-09-01 22:33 - 00000988 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-117609710-2000478354-725345543-1003UA.job
    2015-08-09 19:28 - 2015-09-01 22:16 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-08-09 19:28 - 2015-09-01 22:16 - 00000346 _____ C:\WINDOWS\Tasks\GlaryInitialize 3.job
    2015-08-09 19:28 - 2015-09-01 22:16 - 00000326 _____ C:\WINDOWS\Tasks\GlaryInitialize 5.job
    2015-08-09 19:28 - 2015-09-01 22:16 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2015-08-09 19:28 - 2015-09-01 20:46 - 00000414 _____ C:\WINDOWS\Tasks\At1.job
    2015-08-09 19:28 - 2015-09-01 20:33 - 00000936 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-117609710-2000478354-725345543-1003Core.job
    2015-08-09 19:28 - 2015-09-01 18:34 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-2000478354-725345543-1003Core.job
    2015-08-09 19:28 - 2015-08-09 19:28 - 00000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2015-08-08 17:02 - 2015-08-08 17:02 - 00000000 ___DC C:\SUPERDelete
    2015-08-08 16:58 - 2015-08-08 16:58 - 00000000 _SHDC C:\AdvancedTechSupport
    2015-08-08 16:48 - 2015-08-09 20:16 - 00065536 _____ C:\WINDOWS\system32\config\Nano.evt
    2015-08-08 16:48 - 2015-08-09 19:30 - 00000000 ____D C:\Documents and Settings\Randy\Application Data\Panda Security
    2015-08-08 16:47 - 2015-08-09 19:33 - 00000000 ____D C:\Program Files\Panda Security
    2015-08-08 16:46 - 2015-08-09 19:33 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Panda Security
    2015-08-08 15:52 - 2015-08-08 16:07 - 00000000 ___DC C:\AdwCleaner
    2015-08-08 15:18 - 2015-08-08 17:06 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\support.com
    2015-08-08 15:17 - 2015-08-08 15:17 - 00000000 ___DC C:\temp
    2015-08-08 12:05 - 2015-08-08 22:50 - 00000000 ____D C:\Program Files\Common Files\supportdotcom
    2015-08-08 12:05 - 2015-08-08 12:46 - 00000000 ____D C:\Documents and Settings\Randy\Application Data\supportdotcom
    2015-08-08 11:38 - 2015-08-26 00:22 - 00000148 _____ C:\WINDOWS\Reimage.ini
    2015-08-07 23:35 - 2015-08-07 23:35 - 00000000 ____D C:\Documents and Settings\Randy\Start Menu\Programs\Dropbox
    2015-08-07 15:47 - 2015-08-10 17:19 - 00000000 ____D C:\Program Files\Alternative Flash Player Auto-Updater
    2015-08-07 00:02 - 2015-08-07 00:02 - 00000732 _____ C:\Documents and Settings\Randy\Desktop\Flash Movie Player.lnk
    2015-08-07 00:02 - 2015-08-07 00:02 - 00000000 ____D C:\Program Files\Flash Movie Player
    2015-08-07 00:02 - 2015-08-07 00:02 - 00000000 ____D C:\Documents and Settings\Randy\Start Menu\Programs\Flash Movie Player
    2015-08-06 23:19 - 2015-08-08 11:40 - 00001689 ____H C:\WINDOWS\system32\BTImages.dat
    2015-08-06 12:03 - 2015-08-06 12:12 - 00000000 ___HD C:\Documents and Settings\All Users\Application Data\Canon Easy-WebPrint EX
    2015-08-06 00:10 - 2015-08-26 20:22 - 00001750 _____ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    2015-08-05 22:14 - 2003-03-31 07:00 - 00138752 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sndvol32.exe
    2015-08-05 22:14 - 2003-03-31 07:00 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sndvol32.exe
    2015-08-05 21:59 - 2013-12-05 19:08 - 00087256 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoInstIIXP.dll
    2015-08-05 21:59 - 2013-10-25 11:38 - 00026084 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
    2015-08-05 21:59 - 2013-03-05 15:37 - 00891976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSndMgr.CPL
    2015-08-05 21:59 - 2011-11-22 16:28 - 00011368 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDRXP.dll
    2015-08-05 21:59 - 2010-11-03 18:15 - 00359016 _____ (Realtek Semiconductor Crop.) C:\WINDOWS\vncutil.exe
    2015-08-05 21:59 - 2010-11-03 18:14 - 00129640 _____ (Realtek Semiconductor) C:\WINDOWS\RtkAudioService.exe
    2015-08-05 21:59 - 2009-11-18 07:17 - 01395800 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\Drivers\Monfilt.sys
    2015-08-05 21:59 - 2009-11-18 07:16 - 01691480 _____ (Creative) C:\WINDOWS\system32\Drivers\Ambfilt.sys
    2015-08-05 21:58 - 2015-08-29 14:12 - 00000000 ____D C:\Documents and Settings\Randy\Local Settings\Application Data\MalwareProtectionLive
    2015-08-05 00:58 - 2014-06-11 10:09 - 00074336 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klflt.sys
    2015-08-04 23:31 - 2015-08-04 23:32 - 00000000 ___DC C:\f24430065c966b97dc266a
    2015-08-04 23:09 - 2015-08-04 23:17 - 00000000 ___DC C:\d72d390b903839cecc3f591414fb1d42
    2015-08-04 23:04 - 2015-08-10 18:18 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CheckPoint
    2015-08-04 22:54 - 2015-08-18 11:14 - 00000000 ____D C:\Documents and Settings\Randy\My Documents\My Car
    2015-08-04 14:57 - 2015-08-04 14:58 - 00000000 ____D C:\Documents and Settings\Randy\My Documents\Toshiba laptop troubleshooting
    2015-08-03 12:02 - 2015-08-03 12:04 - 00000000 ___HD C:\Documents and Settings\All Users\Application Data\CanonIJScan

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-01 23:21 - 2011-07-22 12:23 - 00000000 ____D C:\Documents and Settings\Randy\Local Settings\Temp
    2015-09-01 22:16 - 2004-08-04 08:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
    2015-09-01 20:10 - 2011-09-16 08:48 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
    2015-09-01 20:05 - 2011-07-22 12:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-09-01 20:05 - 2011-07-22 11:53 - 01094107 _____ C:\WINDOWS\WindowsUpdate.log
    2015-09-01 20:05 - 2011-07-22 07:20 - 00000159 _____ C:\WINDOWS\wiadebug.log
    2015-09-01 20:05 - 2011-07-22 07:20 - 00000048 _____ C:\WINDOWS\wiaservc.log
    2015-09-01 20:04 - 2015-07-22 20:40 - 00344262 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2015-09-01 20:04 - 2011-07-22 12:23 - 00000278 ___SH C:\Documents and Settings\Randy\ntuser.ini
    2015-09-01 20:04 - 2011-07-22 12:21 - 00032602 _____ C:\WINDOWS\SchedLgU.Txt
    2015-09-01 18:36 - 2012-07-21 18:54 - 00002193 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
    2015-09-01 14:53 - 2011-09-10 13:15 - 00000000 ____D C:\Documents and Settings\Randy\Application Data\vlc
    2015-08-31 23:24 - 2011-07-22 12:22 - 00000000 ____D C:\Documents and Settings\Randy
    2015-08-29 14:08 - 2015-08-01 14:30 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-08-29 13:02 - 2011-07-25 09:38 - 00000000 ____D C:\Documents and Settings\Mary Kay\Local Settings\Temp
    2015-08-29 12:13 - 2011-07-25 09:38 - 00000278 ___SH C:\Documents and Settings\Mary Kay\ntuser.ini
    2015-08-29 12:13 - 2011-07-25 09:38 - 00000000 ____D C:\Documents and Settings\Mary Kay
    2015-08-29 11:43 - 2012-08-19 19:48 - 00000000 ____D C:\Documents and Settings\Mary Kay\Local Settings\Application Data\Akamai
    2015-08-29 11:42 - 2011-09-09 05:25 - 00096688 _____ C:\Documents and Settings\Mary Kay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2015-08-28 21:49 - 2015-06-07 16:17 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2015-08-28 09:59 - 2011-10-01 12:06 - 00000000 ____D C:\Documents and Settings\Randy\My Documents\Troubleshooting-FF
    2015-08-27 15:15 - 2011-09-10 13:14 - 00000000 ____D C:\Program Files\VideoLAN
    2015-08-27 15:10 - 2011-09-10 13:15 - 00000000 ____D C:\Documents and Settings\Randy\Application Data\dvdcss
    2015-08-26 20:31 - 2013-12-11 11:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
    2015-08-26 20:02 - 2013-08-12 19:35 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
    2015-08-26 19:25 - 2011-07-23 17:02 - 00000000 ____D C:\Documents and Settings\Randy\Local Settings\Application Data\Adobe
    2015-08-26 19:23 - 2011-10-01 11:42 - 00000000 ____D C:\Documents and Settings\Randy\Application Data\Adobe
    2015-08-26 18:33 - 2011-08-12 10:43 - 00062964 ____C C:\Documents and Settings\Randy\Application Data\CleanUp!.log
    2015-08-26 18:30 - 2011-07-22 12:21 - 00000000 __SHD C:\Documents and Settings\LocalService
    2015-08-26 15:28 - 2011-07-22 07:18 - 00607530 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-08-26 14:56 - 2012-10-17 22:23 - 00000000 ____D C:\WINDOWS\pss
    2015-08-26 14:56 - 2011-07-22 07:16 - 00000211 __SHC C:\boot.ini
    2015-08-26 14:56 - 2004-08-04 08:00 - 00000801 _____ C:\WINDOWS\win.ini
    2015-08-26 14:56 - 2004-08-04 08:00 - 00000227 _____ C:\WINDOWS\system.ini
    2015-08-26 14:48 - 2011-07-22 07:10 - 00000000 ____D C:\WINDOWS\security
    2015-08-26 14:37 - 2011-07-22 11:50 - 00000000 ____D C:\Program Files\Windows NT
    2015-08-26 14:37 - 2011-07-22 07:10 - 00000000 ____D C:\WINDOWS\Help
    2015-08-25 22:38 - 2015-02-07 18:19 - 00000000 ____D C:\Program Files\NTI
    2015-08-25 19:31 - 2012-05-04 02:29 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
    2015-08-25 19:06 - 2011-07-22 11:51 - 00000000 ____D C:\Program Files\Online Services
    2015-08-25 18:55 - 2011-07-22 07:10 - 00000000 ____D C:\WINDOWS\system32\inetsrv
    2015-08-24 18:53 - 2011-07-22 12:21 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
    2015-08-24 11:35 - 2011-10-01 15:40 - 00000000 ____D C:\Documents and Settings\Sofia.RANDY-821A2FC76\Local Settings\Temp
    2015-08-23 00:37 - 2011-10-01 11:42 - 00000000 ____D C:\Documents and Settings\Randy\Application Data\CoreFTP
    2015-08-22 17:54 - 2015-05-06 22:00 - 00000000 ____D C:\Documents and Settings\Randy\My Documents\New Support Group
    2015-08-22 09:21 - 2011-10-01 15:40 - 00000178 ___SH C:\Documents and Settings\Sofia.RANDY-821A2FC76\ntuser.ini
    2015-08-22 09:01 - 2012-07-25 11:11 - 00096688 _____ C:\Documents and Settings\Sofia.RANDY-821A2FC76\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2015-08-20 12:13 - 2013-01-27 20:17 - 00000000 ____D C:\Program Files\Wondershare
    2015-08-19 21:26 - 2011-07-24 16:29 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2015-08-19 18:35 - 2011-07-23 17:12 - 00000376 ____C C:\WINDOWS\ODBC.INI
    2015-08-19 16:52 - 2011-08-05 23:00 - 00000000 ____D C:\Documents and Settings\Randy\My Documents\Animal Advocates of WNY
    2015-08-18 23:11 - 2011-09-09 23:32 - 00000000 ____D C:\Program Files\DVD Flick
    2015-08-18 11:14 - 2015-06-16 20:34 - 00000000 ____D C:\Documents and Settings\Randy\My Documents\Yahoo Group
    2015-08-18 11:14 - 2015-06-13 10:33 - 00000000 ____D C:\Documents and Settings\Randy\My Documents\Screen Captures
    2015-08-18 11:14 - 2012-09-21 15:42 - 00000000 ____D C:\Documents and Settings\Randy\My Documents\Support Group
    2015-08-17 23:20 - 2012-10-04 15:31 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
    2015-08-17 19:22 - 2011-07-22 07:10 - 00000000 ____D C:\WINDOWS\Cursors
    2015-08-17 19:13 - 2011-07-30 23:54 - 00000000 ____D C:\Documents and Settings\Randy\My Documents\Unity
    2015-08-15 23:05 - 2013-07-28 23:59 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-08-15 22:48 - 2011-07-23 16:11 - 129304528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-08-15 20:00 - 2011-07-24 15:17 - 00000000 ____D C:\Unity-QB
    2015-08-13 22:20 - 2015-03-24 13:34 - 00000000 ___RD C:\Documents and Settings\Randy\My Documents\Dropbox
    2015-08-13 22:20 - 2015-03-24 13:29 - 00000000 ____D C:\Documents and Settings\Randy\Application Data\Dropbox
    2015-08-13 21:41 - 2013-12-11 11:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
    2015-08-12 12:22 - 2011-07-26 21:52 - 00000000 ____D C:\Program Files\Common Files\Java
    2015-08-12 12:18 - 2011-07-26 21:52 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
    2015-08-12 12:17 - 2011-07-26 21:52 - 00000000 ____D C:\Program Files\Java
    2015-08-12 12:17 - 2011-07-24 21:59 - 00000000 ____D C:\Documents and Settings\Randy\Start Menu\Programs\WinRAR
    2015-08-12 12:17 - 2011-07-24 21:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
    2015-08-12 12:15 - 2011-07-24 21:59 - 00000000 ____D C:\Program Files\WinRAR
    2015-08-11 12:07 - 2015-07-27 17:41 - 00000735 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    2015-08-11 12:07 - 2015-06-07 16:17 - 00000741 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    2015-08-10 21:44 - 2014-04-10 08:37 - 00000178 ___SH C:\Documents and Settings\Papa\ntuser.ini
    2015-08-10 20:40 - 2011-07-23 19:15 - 00096688 _____ C:\Documents and Settings\Randy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2015-08-10 19:40 - 2011-07-22 07:17 - 00345808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-08-10 18:29 - 2011-07-24 15:07 - 00000000 ____D C:\WINDOWS\Microsoft.NET
    2015-08-10 18:23 - 2015-03-01 21:33 - 00201200 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2015-08-10 18:23 - 2012-02-24 22:31 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
    2015-08-10 17:51 - 2011-07-24 02:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
    2015-08-10 17:22 - 2013-06-13 00:12 - 00000000 ____D C:\Program Files\Solveig Multimedia
    2015-08-10 17:20 - 2015-02-25 18:06 - 00000000 ____D C:\Program Files\Glarysoft
    2015-08-10 17:13 - 2011-07-23 13:48 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
    2015-08-10 17:11 - 2013-01-23 09:58 - 00000000 ____D C:\Program Files\PDF-XChangePDFViewer
    2015-08-10 17:10 - 2011-10-05 22:27 - 00000000 ____D C:\Documents and Settings\Mary Kay\My Documents\Musicnotes
    2015-08-10 17:09 - 2011-10-09 22:34 - 00000000 ____D C:\Documents and Settings\Randy\My Documents\Musicnotes
    2015-08-10 16:58 - 2011-07-27 01:07 - 00000000 ____D C:\Program Files\Ffmpeg For Audacity
    2015-08-10 16:57 - 2014-01-04 22:30 - 00000000 ____D C:\Program Files\The Learning Company
    2015-08-10 16:57 - 2011-07-22 11:51 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Games
    2015-08-10 16:51 - 2011-07-23 21:11 - 00000000 ____D C:\Program Files\Audacity 1.3 Beta (Unicode)
    2015-08-10 14:07 - 2011-10-01 15:40 - 00000000 ____D C:\Documents and Settings\Sofia.RANDY-821A2FC76
    2015-08-09 21:28 - 2011-07-23 17:12 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
    2015-08-09 19:54 - 2015-02-06 16:31 - 00000000 ____D C:\Documents and Settings\Randy\Desktop\Old Firefox Data
    2015-08-09 19:45 - 2013-08-02 00:29 - 00000000 ____D C:\Documents and Settings\Randy\Application Data\Verizon
    2015-08-09 19:18 - 2015-07-27 16:46 - 00000000 ____D C:\Program Files\Comodo
    2015-08-09 19:17 - 2011-10-26 00:05 - 00000000 ____D C:\WINDOWS\system32\Adobe
    2015-08-09 19:17 - 2011-07-22 11:52 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2015-08-09 08:50 - 2011-07-24 15:28 - 00000000 ____D C:\UHC-QB
    2015-08-08 17:58 - 2011-07-23 13:50 - 00000000 ____D C:\Program Files\Realtek
    2015-08-08 17:00 - 2015-04-17 14:29 - 00000000 ____D C:\Documents and Settings\Randy\Application Data\GlarySoft
    2015-08-08 16:57 - 2015-03-23 16:08 - 00000000 ____D C:\Documents and Settings\Papa\Desktop\Unused Desktop Shortcuts
    2015-08-08 16:57 - 2013-10-22 21:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Visual Business Cards 4
    2015-08-08 16:57 - 2012-05-29 21:45 - 00000000 ____D C:\Documents and Settings\Randy\Start Menu\Programs\Color-Tech Imaging ROES
    2015-08-06 12:03 - 2015-08-01 00:47 - 00000000 ____D C:\Documents and Settings\Randy\Application Data\Canon Easy-WebPrint EX
    2015-08-05 22:00 - 2011-07-23 13:51 - 00000000 ____D C:\WINDOWS\system32\RTCOM
    2015-08-04 23:28 - 2015-07-27 16:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Comodo
    2015-08-04 23:16 - 2015-07-27 16:53 - 00065536 _____ C:\WINDOWS\system32\config\COMODO I.evt
    2015-08-03 13:39 - 2015-07-22 20:40 - 00344262 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-117609710-2000478354-725345543-1003-0.dat
    2015-08-03 12:02 - 2011-10-01 11:42 - 00000000 ____D C:\Documents and Settings\Randy\Application Data\Canon
    2015-08-02 01:55 - 2013-03-17 00:59 - 00000000 ____D C:\Documents and Settings\Randy\My Documents\Misc
    2015-08-02 01:26 - 2011-07-23 14:04 - 01070792 _____ C:\WINDOWS\system32\nvdrsdb1.bin
    2015-08-02 01:26 - 2011-07-23 14:04 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin

    ==================== Files in the root of some directories =======

    2013-03-21 09:58 - 2006-03-30 14:18 - 0015184 _____ () C:\Program Files\alltests.rmb
    2013-03-21 09:58 - 2005-08-01 21:30 - 0003664 _____ () C:\Program Files\cpudb_tests.rmb
    2013-03-21 09:58 - 2005-03-12 10:00 - 0047247 _____ () C:\Program Files\Longhorn.sui
    2013-03-21 09:58 - 2008-02-29 17:36 - 0704000 _____ (NGO Science Center "RightMark ") C:\Program Files\MemoryTest.dll
    2013-03-21 09:58 - 2003-01-01 01:08 - 0001360 _____ () C:\Program Files\mobo_tests.rmb
    2012-06-06 00:38 - 2011-08-04 13:31 - 0898560 _____ (Squared 5) C:\Program Files\MPEG_Streamclip.exe
    2013-03-21 09:58 - 2006-03-31 11:35 - 0003664 _____ () C:\Program Files\ramdb_tests.rmb
    2013-03-21 09:58 - 2008-02-29 16:56 - 0014121 _____ () C:\Program Files\Readme.txt
    2013-03-21 09:58 - 2008-02-29 17:34 - 0501968 _____ () C:\Program Files\rmma.cdb
    2013-03-21 09:58 - 2008-02-29 17:03 - 2626560 _____ (NGO Science Center "RightMark ") C:\Program Files\rmma.exe
    2013-03-21 09:58 - 2008-02-29 17:40 - 0000218 _____ () C:\Program Files\rmma.ini
    2013-03-21 09:58 - 2006-03-30 14:11 - 0015376 _____ () C:\Program Files\rmma.rmp
    2013-03-21 09:58 - 2008-02-29 17:05 - 1526272 _____ (NGO Science Center "RightMark ") C:\Program Files\rmms.exe
    2013-03-21 09:58 - 2007-12-07 12:40 - 0218624 _____ (NGO Science Center "RightMark ") C:\Program Files\RMMT.exe
    2013-03-21 09:58 - 2005-05-25 10:39 - 0004608 _____ () C:\Program Files\RTCore32.sys
    2013-03-21 09:58 - 2005-05-25 10:39 - 0007168 _____ () C:\Program Files\RTCore64.sys
    2012-09-30 21:52 - 2010-08-21 15:10 - 0429123 _____ (Sillysot Software ) C:\Program Files\setup-Iconoid-x86.exe
    2013-03-21 09:58 - 2008-02-29 17:10 - 0260096 _____ (NGO Science Center "RightMark ") C:\Program Files\SysInfo.dll
    2013-03-21 09:58 - 2006-07-25 19:49 - 0004095 _____ () C:\Program Files\timings.dat
    2013-03-21 09:58 - 2008-02-29 16:57 - 0259584 _____ (NGO Science Center "RightMark ") C:\Program Files\timings.exe
    2012-05-04 01:05 - 2012-05-04 01:07 - 22259528 _____ () C:\Program Files\vlc-2.0.1-win32.exe
    2013-03-21 09:58 - 2005-05-31 18:00 - 0083415 _____ () C:\Program Files\XPGreen.sui
    2015-08-18 23:43 - 2015-08-19 10:10 - 0001119 _____ () C:\Documents and Settings\Randy\Application Data\burnaware.ini
    2011-08-12 10:43 - 2015-08-26 18:33 - 0062964 ____C () C:\Documents and Settings\Randy\Application Data\CleanUp!.log
    2013-07-29 19:08 - 2013-07-29 19:08 - 1358424 _____ () C:\Documents and Settings\Randy\Application Data\VzInHomeAgent.exe
    2011-07-27 20:50 - 2011-07-27 20:50 - 0000128 _____ () C:\Documents and Settings\Randy\Local Settings\Application Data\fusioncache.dat
    2015-02-10 13:50 - 2015-02-10 13:50 - 0001254 _____ () C:\Documents and Settings\Randy\Local Settings\Application Data\recently-used.xbel

    Files to move or delete:
    ====================
    C:\Windows\Tasks\At1.job


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End of FRST.txt ============================
     


  4. 2015/09/01
    ranatlas

    And here is the text from the file Addition.txt: [This is part 1 of 2 because I got an error message:
    The text that you have entered is too long (55259 characters). Please shorten it to 55000 characters long.]

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2015
    Ran by Randy (2015-09-01 23:22:39)
    Running from C:\Documents and Settings\Randy\My Documents\Downloads
    Boot Mode: Normal

    ==================== Accounts: =============================

    Administrator (S-1-5-21-117609710-2000478354-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.RANDY-821A2FC76
    ASPNET (S-1-5-21-117609710-2000478354-725345543-1005 - Limited - Enabled)
    Guest (S-1-5-21-117609710-2000478354-725345543-501 - Limited - Enabled)
    HelpAssistant (S-1-5-21-117609710-2000478354-725345543-1000 - Limited - Disabled)
    Mary Kay (S-1-5-21-117609710-2000478354-725345543-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Mary Kay
    Papa (S-1-5-21-117609710-2000478354-725345543-1122 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Papa
    Randy (S-1-5-21-117609710-2000478354-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Randy
    Sofia (S-1-5-21-117609710-2000478354-725345543-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Sofia.RANDY-821A2FC76
    SUPPORT_388945a0 (S-1-5-21-117609710-2000478354-725345543-1002 - Limited - Disabled)
    UpdatusUser (S-1-5-21-117609710-2000478354-725345543-1004 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: ZoneAlarm Free Firewall Antivirus (Disabled - Up to date) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
    AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: ZoneAlarm Free Firewall Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Agere Systems PCI Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version: - )
    A-PDF Image Extractor (HKLM\...\A-PDF Image Extractor_is1) (Version: - A-PDF Solution)
    A-PDF Merger (HKLM\...\A-PDF Merger_is1) (Version: - A-PDF.com)
    A-PDF Split (HKLM\...\A-PDF Split_is1) (Version: - A-PDF.com)
    Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Asterisk Key 10.0 (HKLM\...\asterisk key) (Version: - )
    Avast Free Antivirus (HKLM\...\Avast) (Version: 10.3.2225 - AVAST Software)
    AviSynth 2.5 (HKLM\...\AviSynth) (Version: - )
    Belarc Advisor 8.4 (HKLM\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
    Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
    Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
    Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
    Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version: - )
    Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
    Canon MX920 series On-screen Manual (HKLM\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
    Canon MX920 series User Registration (HKLM\...\Canon MX920 series User Registration) (Version: - *Canon Inc.)
    Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
    Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
    Canon Speed Dial Utility (HKLM\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
    CardRecovery 6.00 (HKLM\...\{88D68A69-D247-466B-90DD-575F6BE16230}_is1) (Version: - WinRecovery Software)
    CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
    CleanUp! (HKLM\...\CleanUp!) (Version: - )
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
    Core FTP LE (HKLM\...\CoreFTP) (Version: - )
    Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
    CPUID CPU-Z 1.63.0 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
    CPUID HWMonitor 1.21 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
    Defraggler (HKLM\...\Defraggler) (Version: 2.12 - Piriform)
    Dropbox (HKU\S-1-5-21-117609710-2000478354-725345543-1003\...\Dropbox) (Version: 3.8.6 - Dropbox, Inc.)
    eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
    FastStone Image Viewer 5.3 (HKLM\...\FastStone Image Viewer) (Version: 5.3 - FastStone Soft)
    FastStone Photo Resizer 3.1 (HKLM\...\FastStone Photo Resizer) (Version: 3.1 - FastStone Soft.)
    Flash Movie Player 1.5 (HKLM\...\Flash Movie Player) (Version: 1.5 - Eolsoft)
    Free YouTube Download version 3.1.39.1015 (HKLM\...\Free YouTube Download_is1) (Version: 3.1.39.1015 - DVDVideoSoft Ltd.)
    Glary Undelete 5.0.1.19 (HKLM\...\Glary Undelete) (Version: 5.0.1.19 - Glarysoft Ltd)
    Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
    Google Drive (HKLM\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
    Google Drive (HKLM\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
    Google Update Helper (Version: 1.3.21.123 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
    GPL Ghostscript 8.63 (HKLM\...\GPL Ghostscript 8.63) (Version: - )
    GPL Ghostscript 9.01 (HKLM\...\GPL Ghostscript 9.01) (Version: - )
    ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
    iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
    Java 7 Update 80 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
    Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
    Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
    Java(TM) SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
    JavaFX 2.1.0 (HKLM\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
    K-Lite Mega Codec Pack 11.4.0 (HKLM\...\KLiteCodecPack_is1) (Version: 11.4.0 - )
    LAUNCH! Web Helper (remove only) (HKLM\...\LAUNCH! Web Helper) (Version: - )
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Mozilla Firefox 40.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    NTI Backup Now EZ (HKLM\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 3.0.2.55 - NTI Corporation)
    NTI Backup Now EZ (Version: 3.0.2.55 - NTI Corporation) Hidden
    NVIDIA Graphics Driver 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.70 - NVIDIA Corporation)
    NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
    NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
    PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 9.0 - PlotSoft LLC)
    PDF-XChange Viewer (HKLM\...\{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}) (Version: 2.5.312.0 - Tracker Software Products (Canada) Ltd.)
    Platform (Version: 1.13 - VIA Technologies, Inc.) Hidden
    QuickBooks Pro 2007 (HKLM\...\{7E545666-F422-45FD-B3DF-C0B99A1A579F}) (Version: - )
    QuickBooks Product Listing Service (HKLM\...\{91208A47-5D08-4C79-986F-1931940F51BB}) (Version: 2.0.148 - Intuit)
    QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    REALTEK GbE & FE Ethernet PCI NIC Driver (HKLM\...\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}) (Version: 1.23.0000 - Realtek)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7111 - Realtek Semiconductor Corp.)
    RNX-N180UBE 11n USB Wireless LAN Driver and Utility (HKLM\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0142 - Rosewill Corp.)
    Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
    Should I Remove It (HKU\S-1-5-21-117609710-2000478354-725345543-1003\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
    Should I Remove It (Version: 1.0.4 - Reason Software Company Inc.) Hidden
    Sibelius Scorch (Firefox, Opera, Netscape only) (HKLM\...\{10ABE49D-343A-463E-9753-C4C5A05ECEF9}) (Version: 6.2.0 - Sibelius Software)
    SmartFTP Client (HKLM\...\{A5BA6B7D-197B-4CF8-92CC-FA9C3EAE38F3}) (Version: 5.0.1364.0 - SmartSoft Ltd.)
    SolveigMM AVI Trimmer (HKLM\...\SolveigMM AVI Trimmer 2.0.1210.11) (Version: 2.0.1210.11 - Solveig Multimedia)
    Speccy (HKLM\...\Speccy) (Version: 1.20 - Piriform)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1030 - SUPERAntiSpyware.com)
    SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Uninstall Dual Mode Camera (HKLM\...\Dual Mode Camera_is1) (Version: - )
    VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.13 - VIA Technologies, Inc.)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Vz In-Home Agent (HKLM\...\VzInHomeAgent) (Version: 9.0.71.0 - Verizon)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{28400E86-5FFC-453D-A534-EF455A115E74}\localserver32 -> C:\Program Files\Intuit\QuickBooks Product Listing Service\QBProductListingCOMServer.exe (TODO: <Company name>)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Documents and Settings\Randy\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{32D32337-1511-4416-85C5-FD96C99322A0}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{3928D252-6BB4-4C0D-BE70-1E03AF93D464}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{4877276C-A727-486D-B201-F096035CA4DF}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\qbfc5.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{8034BBB8-2145-4159-9A34-51E21A0A981F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{86AC2FAD-C987-4757-B591-02F9867A8BE5}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\qbfc5.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Documents and Settings\Randy\Local Settings\Application Data\Dropbox\Update\1.3.27.35\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{8CA5338E-3C5E-4087-ADEC-B1CA665BC293}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2007\qbw32.exe (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2007\QBW32.EXE (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Documents and Settings\Randy\Local Settings\Application Data\Dropbox\Update\1.3.27.35\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Documents and Settings\Randy\Local Settings\Application Data\Dropbox\Update\1.3.27.35\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Documents and Settings\Randy\Local Settings\Application Data\Dropbox\Update\1.3.27.35\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{E763661E-E497-4D41-AFF4-6BBCB62B9E89}\InprocServer32 -> C:\Documents and Settings\Randy\Local Settings\Application Data\Dropbox\Update\1.3.27.35\psuser.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{F19F9A95-7A43-4A93-80B0-C9C1FF6F63F9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx (Intuit)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2007\qbw32.exe (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Documents and Settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-117609710-2000478354-725345543-1003_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Documents and Settings\Randy\Local Settings\Application Data\Dropbox\Update\1.3.27.35\psuser.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    06-06-2015 17:02:34 System Checkpoint
    08-06-2015 20:19:24 System Checkpoint
    09-06-2015 21:36:29 System Checkpoint
    10-06-2015 11:56:47 Software Distribution Service 3.0
    11-06-2015 18:58:17 System Checkpoint
    12-06-2015 21:40:06 System Checkpoint
    14-06-2015 20:16:37 System Checkpoint
    16-06-2015 19:10:33 System Checkpoint
    18-06-2015 12:48:45 System Checkpoint
    21-06-2015 20:11:22 System Checkpoint
    24-06-2015 20:28:47 System Checkpoint
    25-06-2015 20:42:00 System Checkpoint
    27-06-2015 18:10:18 System Checkpoint
    28-06-2015 18:42:41 System Checkpoint
    30-06-2015 13:11:10 System Checkpoint
    02-07-2015 16:19:46 System Checkpoint
    02-07-2015 21:54:32 avast! antivirus system restore point
    04-07-2015 11:50:45 System Checkpoint
    05-07-2015 21:38:29 System Checkpoint
    07-07-2015 21:03:37 System Checkpoint
    08-07-2015 18:03:02 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
    08-07-2015 18:03:48 Installed SmartFTP Client
    09-07-2015 22:25:54 System Checkpoint
    10-07-2015 22:37:50 System Checkpoint
    13-07-2015 14:00:52 System Checkpoint
    14-07-2015 15:35:23 System Checkpoint
    17-07-2015 17:05:27 System Checkpoint
    18-07-2015 22:00:19 System Checkpoint
    19-07-2015 16:08:52 Software Distribution Service 3.0
    19-07-2015 22:11:37 Software Distribution Service 3.0
    20-07-2015 13:36:56 Software Distribution Service 3.0
    20-07-2015 22:23:23 Software Distribution Service 3.0
    21-07-2015 18:40:29 Software Distribution Service 3.0
    21-07-2015 21:30:48 Installed RNX-N180UBE 11n USB Wireless LAN Driver and Utility
    21-07-2015 22:51:37 Software Distribution Service 3.0
    22-07-2015 16:24:58 Software Distribution Service 3.0
    22-07-2015 20:39:47 Software Distribution Service 3.0
    23-07-2015 10:44:26 Software Distribution Service 3.0
    23-07-2015 16:42:21 Software Distribution Service 3.0
    23-07-2015 23:16:48 Software Distribution Service 3.0
    24-07-2015 13:09:58 Software Distribution Service 3.0
    24-07-2015 17:47:37 Software Distribution Service 3.0
    24-07-2015 22:31:49 Software Distribution Service 3.0
    26-07-2015 17:07:41 Software Distribution Service 3.0
    27-07-2015 16:04:08 avast! antivirus system restore point
    27-07-2015 16:07:40 Installed Windows XP Wdf01009.
    27-07-2015 16:23:48 avast! antivirus system restore point
    27-07-2015 16:30:07 Removed avast! Ad Blocker
    27-07-2015 16:53:21 Installing COMODO Antivirus
    27-07-2015 18:21:44 Spybot-S&D Spyware removal
    27-07-2015 22:22:53 Software Distribution Service 3.0
    29-07-2015 18:53:24 System Checkpoint
    30-07-2015 19:22:12 System Checkpoint
    31-07-2015 20:13:42 System Checkpoint
    31-07-2015 23:56:14 Restore Operation
    01-08-2015 00:19:44 Restore Operation
    01-08-2015 13:48:33 Installed REALTEK GbE & FE Ethernet PCI NIC Driver
    03-08-2015 23:30:48 System Checkpoint
    04-08-2015 21:39:58 Removed GeekBuddy.
    04-08-2015 23:16:14 Removed COMODO Antivirus
    04-08-2015 23:32:12 Installed Windows KB954550-v5.
    04-08-2015 23:32:20 Printer Driver Microsoft XPS Document Writer Installed
    04-08-2015 23:32:28 Printer Driver Microsoft XPS Document Writer Installed
    05-08-2015 21:59:03 Installed Realtek High Definition Audio Driver
    06-08-2015 12:24:09 Removed Java 8 Update 51
    07-08-2015 12:56:33 System Checkpoint
    08-08-2015 16:59:03 ATS Restore Point
    08-08-2015 17:03:26 Advanced Tech Support Service Complete
    09-08-2015 19:19:31 Removed Dora saves the Crystal Kingdom.
    09-08-2015 19:42:18 Removed Java 8 Update 45
    09-08-2015 19:45:32 Removed Wrapper.
    09-08-2015 20:10:45 Installed Windows KB954550-v5.
    09-08-2015 20:10:58 Printer Driver Microsoft XPS Document Writer Installed
    09-08-2015 20:11:16 Printer Driver Microsoft XPS Document Writer Installed
    09-08-2015 21:00:20 Software Distribution Service 3.0
    09-08-2015 21:21:42 Anvi CSB 3.6
    10-08-2015 17:13:37 Removed Perfect PDF Creator Essentials
    10-08-2015 17:17:28 Removed Sibelius Scorch (Firefox, Opera, Netscape only)
    10-08-2015 18:22:54 Installed Windows KB954550-v5.
    10-08-2015 18:23:06 Printer Driver Microsoft XPS Document Writer Installed
    10-08-2015 18:23:15 Printer Driver Microsoft XPS Document Writer Installed
    10-08-2015 21:54:53 avast! antivirus system restore point
    10-08-2015 21:57:36 Installed Windows XP Wdf01009.
    10-08-2015 22:18:19 Installed Privatefirewall 7.0
    11-08-2015 10:48:48 Spybot-S&D Spyware removal
    13-08-2015 12:33:19 System Checkpoint
    13-08-2015 23:05:05 Software Distribution Service 3.0
    14-08-2015 19:59:04 Software Distribution Service 3.0
    15-08-2015 20:45:22 System Checkpoint
    15-08-2015 22:48:33 Software Distribution Service 3.0
    17-08-2015 18:03:24 System Checkpoint
    18-08-2015 23:12:56 Installed Windows XP -- Software Updates KB952011.
    19-08-2015 18:35:15 Removed Privatefirewall 7.0
    20-08-2015 12:15:38 Installed Windows XP -- Software Updates KB952011.
    21-08-2015 20:10:43 System Checkpoint
    23-08-2015 22:35:04 System Checkpoint
    25-08-2015 22:24:22 Uniblue PC Mechanic installation
    25-08-2015 22:33:54 Installed Should I Remove It
    25-08-2015 22:36:59 Configured NTI Backup Now EZ
    26-08-2015 14:55:36 Before making registry change 8-16-15
    27-08-2015 13:53:52 before scanning Samsung HDD
    28-08-2015 10:18:02 Software Distribution Service 3.0
    28-08-2015 22:10:51 before trying registry fix
    01-09-2015 11:00:51 System Checkpoint
    01-09-2015 20:02:17 Spybot-S&D Spyware removal

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Randy\APPLIC~1\Funmoods\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-117609710-2000478354-725345543-1003Core.job => C:\Documents and Settings\Randy\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-117609710-2000478354-725345543-1003UA.job => C:\Documents and Settings\Randy\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\GlaryInitialize 3.job => C:\DOCUME~1\Randy\LOCALS~1\Temp\RegistryCleaner\Initialize.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\GlaryInitialize 5.job => C:\Program Files\Glary Utilities 5\Initialize.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-2000478354-725345543-1003Core.job => C:\Documents and Settings\Randy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-2000478354-725345543-1003UA.job => C:\Documents and Settings\Randy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\klcp_update.job => CMD /C sc create KLCPU binPath CMD /V /C SET \FILE \ ProgramFiles \ Lite Codec Pack Tools CodecTweakTool exe\\ IF EXIST FILE START \CTT\ FILE /verysilent /update /freq 14 type own type interact net start KLCPU sc delete KLCPU CMD Randy
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-08-10 21:56 - 2015-08-10 21:56 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-08-10 21:56 - 2015-08-10 21:56 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-09-01 14:43 - 2015-09-01 14:43 - 02961408 _____ () C:\Program Files\AVAST Software\Avast\defs\15090100\algo.dll
    2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-08-10 21:56 - 2015-08-10 21:56 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\WINDOWS\system32\CNCALBL.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CNC_BLL.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CNC_BLU.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CNHMCA.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CNMLMBL.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7864 more restricted sites.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-117609710-2000478354-725345543-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Randy\Application Data\FastStone\FSIV\FSViewerWallPaper.bmp
    DNS Servers: 156.154.70.22 - 156.154.71.22
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RNX-N180UBE 11n USB Wireless LAN Utility.lnk => C:\WINDOWS\pss\RNX-N180UBE 11n USB Wireless LAN Utility.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^Randy^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
    MSCONFIG\startupreg: 40FF3EFC13B27ECC4044F143B7F23BA9B0D7A12F._service_run => "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=service
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: AGRSMMSG => AGRSMMSG.exe
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
    MSCONFIG\startupreg: Core Temp => "C:\Program Files\Core Temp\Core Temp.exe"
    MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
    MSCONFIG\startupreg: Dropbox Update => "C:\Documents and Settings\Randy\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe" /c
    MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    MSCONFIG\startupreg: NvMediaCenter => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    MSCONFIG\startupreg: nwiz => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
    MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    DomainProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
    StandardProfile\AuthorizedApplications: [C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe] => Enabled:QuickBooks 2007 Data Manager
    StandardProfile\AuthorizedApplications: [C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe] => Enabled:Daemonu.exe
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Mary Kay\Local Settings\Application Data\Akamai\netsession_win.exe] => Enabled:Akamai NetSession Client
    StandardProfile\AuthorizedApplications: [C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe] => Enabled:Daemonu.exe
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] => Enabled:Microsoft DirectPlay Voice Test
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\rundll32.exe] => Enabled:Run a DLL as an App
    StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre7\bin\java.exe] => Enabled:Java(TM) Platform SE binary
    StandardProfile\AuthorizedApplications: [C:\Program Files\RNX-N180UBE 11n USB Wireless LAN Utility\RtWLan.exe] => Enabled:RtWlan
    StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
    StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
    StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Randy\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
    StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
    StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
    StandardProfile\AuthorizedApplications: [C:\Program Files\SmartFTP Client\SmartFTP.exe] => Enabled:SmartFTP Client 5.0
    StandardProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
    StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
    DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
    DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
    DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
    DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
    StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
    StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
    StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
    StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
    StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
    StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
    StandardProfile\GloballyOpenPorts: [4100:UDP] => Enabled:uPNP Router Control Port
    StandardProfile\GloballyOpenPorts: [9051:UDP] => :LocalSubNet:Enabled:FiOS Tech Wizard
    StandardProfile\GloballyOpenPorts: [1542:TCP] => Enabled:Realtek WPS TCP Prot
    StandardProfile\GloballyOpenPorts: [1542:UDP] => Enabled:Realtek WPS UDP Prot
    StandardProfile\GloballyOpenPorts: [53:UDP] => Enabled:Realtek AP UDP Prot
    StandardProfile\GloballyOpenPorts: [135:TCP] => Enabled:DCOM(135)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/29/2015 10:37:41 PM) (Source: Application Error) (EventID: 1001) (User: )
    Description: Fault bucket 180765357.
    The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

    Error: (08/29/2015 10:37:38 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 40.0.3.5716, faulting module mozglue.dll, version 40.0.3.5716, fault address 0x0000e250.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (08/26/2015 06:31:19 PM) (Source: Application Error) (EventID: 1001) (User: )
    Description: Fault bucket 177725355.
    The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

    Error: (08/26/2015 06:31:14 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application avastui.exe, version 10.3.2225.1181, faulting module unknown, version 0.0.0.0, fault address 0x000001bb.
    Processing media-specific event for [avastui.exe!ws!]

    Error: (08/26/2015 06:30:44 PM) (Source: Application Error) (EventID: 1001) (User: )
    Description: Fault bucket 148561127.
    The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

    Error: (08/26/2015 06:30:37 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 40.0.2.5702, faulting module mozglue.dll, version 40.0.2.5702, fault address 0x0000e631.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (08/22/2015 07:43:08 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 40.0.2.5702, faulting module mozglue.dll, version 40.0.2.5702, fault address 0x0000e631.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (08/19/2015 03:09:06 PM) (Source: MsiInstaller) (EventID: 10005) (User: RANDY-821A2FC76)
    Description: Product: QuickTime 7 -- QuickTime 7 requires that your computer is running Windows Vista or Windows 7.

    Error: (08/18/2015 11:34:02 PM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
    Description: EventType clr20r3, P1 isotozipconverter.exe, P2 1.0.0.0, P3 533d4485, P4 system.drawing, P5 2.0.0.0, P6 506bef25, P7 144, P8 3d, P9 clr20r30, P10 clr20r31.

    Error: (08/18/2015 11:33:11 PM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
    Description: EventType clr20r3, P1 isotozipconverter.exe, P2 1.0.0.0, P3 533d4485, P4 system.drawing, P5 2.0.0.0, P6 506bef25, P7 144, P8 3d, P9 clr20r30, P10 clr20r31.


    System errors:
    =============
    Error: (09/01/2015 08:46:00 PM) (Source: Schedule) (EventID: 7901) (User: )
    Description: The At1.job command failed to start due to the following error:
    %%2147942403

    Error: (09/01/2015 08:06:26 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Freemake Improver service hung on starting.

    Error: (09/01/2015 08:05:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
    %%1069

    Error: (09/01/2015 08:05:05 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured
    password due to the following error:
    %%1330

    To ensure that the service is
    configured properly, use the Services snap-in in Microsoft Management
    Console (MMC).

    Error: (09/01/2015 08:02:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Reimage Real Time Protector service terminated unexpectedly. It has done this 1 time(s).

    Error: (09/01/2015 06:33:58 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Freemake Improver service hung on starting.

    Error: (09/01/2015 06:32:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
    %%1069

    Error: (09/01/2015 06:32:34 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured
    password due to the following error:
    %%1330

    To ensure that the service is
    configured properly, use the Services snap-in in Microsoft Management
    Console (MMC).

    Error: (09/01/2015 10:42:15 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Freemake Improver service hung on starting.

    Error: (09/01/2015 10:40:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
    %%1069


    Microsoft Office:
    =========================
    Error: (10/19/2013 11:17:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6514.5001. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (10/19/2013 11:17:47 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6514.5001. This session lasted 1231 seconds with 360 seconds of active time. This session ended with a crash.

    Error: (10/19/2013 01:53:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6514.5001. This session lasted 19 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (10/19/2013 01:46:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6514.5001. This session lasted 9366 seconds with 7260 seconds of active time. This session ended with a crash.
     
  5. 2015/09/01
    ranatlas

    ranatlas Inactive Thread Starter

    Joined:
    2015/08/01
    Messages:
    66
    Likes Received:
    1
    re: [Solved] Audio issues

    Here is part 2 of 2 of the file Addition.txt:


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) D CPU 3.40GHz
    Percentage of memory in use: 31%
    Total physical RAM: 2495.23 MB
    Available physical RAM: 1714.39 MB
    Total Virtual: 4388.98 MB
    Available Virtual: 3739.43 MB

    ==================== Drives ================================

    Drive c: (Samsung HD ) (Fixed) (Total:465.75 GB) (Free:392.68 GB) NTFS ==>[drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 1549F232)
    Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  6. 2015/09/02
    ranatlas

    ranatlas Inactive Thread Starter

    Joined:
    2015/08/01
    Messages:
    66
    Likes Received:
    1
    For what it's worth...

    I did a scan using Malwarebytes Anti-Malware - it caught PUP.Optional.Spigot which I removed.

    I did a scan using Avast Antivirus, overnight. Interesting results -- "Some files could not be scanned" - and under Warnings, dozens upon dozens of file names were listed. The paths were mostly this: C:\Documents and Settings\Randy\My Documents\Downloads. Also: I received the following -- Status Error: Archive is password protected. (42056)
     
    Last edited: 2015/09/02
  7. 2015/09/02
    ranatlas

    ranatlas Inactive Thread Starter

    Joined:
    2015/08/01
    Messages:
    66
    Likes Received:
    1
    re: [Solved] Audio issues

    ------

    Well, I guess I blew it. I failed to adhere to this rule about the Malware and Virus Removal forum: "DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!"

    I'm referring to the scans that I ran, above, after I ran the Farbar Recovery Scan Tool. I am sorry; somehow I missed the rule until it was too late. Could you please allow me to re-run the Farbar Recovery Scan Tool and post the two logs? Again, my apologies. It was not intentional. I was just trying whatever I could do to help keep my computer clean.

    Thank you for considering the above.

    Sincerely,

    Randy
     
  8. 2015/09/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================

    There is still some infection present.

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  9. 2015/09/03
    ranatlas

    ranatlas Inactive Thread Starter

    Joined:
    2015/08/01
    Messages:
    66
    Likes Received:
    1
    Hi broni,

    Thanks for the instructions and for not booting me out of this forum. :)

    The contents of rk_1099.txt after scanning with RogueKiller are below.


    ======================================================


    RogueKiller V10.10.3.0 [Aug 31 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Randy [Administrator]
    Started from : C:\Documents and Settings\Randy\My Documents\Downloads\RogueKiller.exe
    Mode : Delete -- Date : 09/03/2015 10:07:13

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 3 ¤¤¤
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ALSysIO (\??\C:\DOCUME~1\Randy\LOCALS~1\Temp\ALSysIO.sys) -> ERROR [2]
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ALSysIO (\??\C:\DOCUME~1\Randy\LOCALS~1\Temp\ALSysIO.sys) -> ERROR [2]
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-117609710-2000478354-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 1 -> Replaced (1)

    ¤¤¤ Tasks : 2 ¤¤¤
    [Suspicious.Path] %WINDIR%\Tasks\At1.job -- C:\DOCUME~1\Randy\APPLIC~1\Funmoods\UPDATE~1\UPDATE~1.EXE (/Check) -> Not selected
    [Suspicious.Path] %WINDIR%\Tasks\GlaryInitialize 3.job -- C:\DOCUME~1\Randy\LOCALS~1\Temp\RegistryCleaner\Initialize.exe -> Not selected

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: SAMSUNG HD501LJ +++++
    --- User ---
    [MBR] 345644e384b433886db362c17e79899c
    [BSP] 6ab81512ed7b103b5f7d01d89b81ec91 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476929 MB [Windows XP Bootstrap | Windows XP Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK


    ======================================================


    Thanks and take care,
    Randy
     
  10. 2015/09/03
    ranatlas

    ranatlas Inactive Thread Starter

    Joined:
    2015/08/01
    Messages:
    66
    Likes Received:
    1
    Below are the contents of the MBAM log after scanning with MBAM v. 2.1.8.1057.


    =================================================


    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 9/3/2015
    Scan Time: 10:23:25 AM
    Logfile: MBAM_log_09032015.txt
    Administrator: Yes

    Version: 2.1.8.1057
    Malware Database: v2015.09.03.05
    Rootkit Database: v2015.08.16.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Randy

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 626239
    Time Elapsed: 28 min, 16 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    PUP.Optional.Spigot, HKU\S-1-5-21-117609710-2000478354-725345543-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{1F3EFAEC-9E42-4AEF-B114-CC3540415972}, Quarantined, [0d7480abeaa1e056b793cde3b64e9769],

    Registry Values: 1
    PUP.Optional.Spigot, HKU\S-1-5-21-117609710-2000478354-725345543-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{1F3EFAEC-9E42-4AEF-B114-CC3540415972}|URL, https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=683654&p={searchTerms}, Quarantined, [0d7480abeaa1e056b793cde3b64e9769]

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 6
    PUP.Optional.Proinstall, C:\Documents and Settings\Randy\My Documents\Downloads\WDM_R274-56377597.exe, Quarantined, [750cf833bdce290d6fede29d976a857b],
    PUP.Optional.Spigot, C:\Documents and Settings\Randy\Application Data\Mozilla\Firefox\Profiles\9rcldx25.default-1439164470718\searchplugins\yahoo_ff.xml, Quarantined, [ef92fa31701bcb6bf94d0fa117ed14ec],
    PUP.Optional.Spigot, C:\Documents and Settings\Randy\Application Data\Mozilla\Firefox\Profiles\z20oakj0.default\searchplugins\yahoo_ff.xml, Quarantined, [84fd0d1e8cff1c1a87bfb8f8689cba46],
    PUP.Optional.Spigot, C:\Documents and Settings\Randy\Application Data\Mozilla\Firefox\Profiles\9rcldx25.default-1439164470718\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=683654&p=");), Replaced,[1869cb606328043281609cfd6f9606fa]
    PUP.Optional.Spigot, C:\Documents and Settings\Randy\Application Data\Mozilla\Firefox\Profiles\z20oakj0.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=683654&p=");), Replaced,[344daa815c2f8da9a8399900c045d42c]
    PUP.Optional.Spigot, C:\Documents and Settings\Randy\Application Data\Mozilla\Firefox\Profiles\z20oakj0.default\prefs.js, Good: (browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Bad: (browser.startup.homepage", "https://search.yahoo.com/?type=683654&fr=spigot-), Replaced,[e0a157d4672487af513d693657ae05fb]

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    =================================================


    Randy
     
  11. 2015/09/03
    ranatlas

    ranatlas Inactive Thread Starter

    Joined:
    2015/08/01
    Messages:
    66
    Likes Received:
    1
    broni,

    I scanned with AdwCleaner and the text file that opened after the reboot was named AdwCleaner[C2].txt, *not* AdwCleaner[S1].txt. I will paste the contents of AdwCleaner[C2].txt below. When I went to the AdwCleaner folder at C:\AdwCleaner, I saw a few other .txt files in there -- [S0], [S2], [S3], and [R0]. Also, there is a folder named Quarantine in there. Please let me know if I should post the contents of any of those other .txt files too, and whether I need to do anything with the contents of the Quarantine folder.

    I will wait for your reply before I proceed with downloading Junkware Removal Tool. Thanks.

    So, below are the contents of AdwCleaner[C2].txt.

    ================================

    # AdwCleaner v5.005 - Logfile created 03/09/2015 at 12:03:54
    # Updated 31/08/2015 by Xplode
    # Database : 2015-08-31.2 [Server]
    # Operating system : Microsoft Windows XP Service Pack 3 (x86)
    # Username : Randy - RANDY-821A2FC76
    # Running from : C:\Documents and Settings\Randy\My Documents\Downloads\adwcleaner_5.005(1).exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Documents and Settings\Randy\Application Data\Mozilla\Firefox\Profiles\z20oakj0.default\Extensions\staged\ffxtlbr@funmoods.com
    [-] Folder Deleted : C:\Documents and Settings\Randy\Local Settings\Application Data\MalwareProtectionLive
    [-] Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\AskTB

    ***** [ Files ] *****

    [-] File Deleted : C:\Documents and Settings\Mary Kay\Application Data\Mozilla\Firefox\Profiles\a5nyj7b6.default\invalidprefs.js
    [-] File Deleted : C:\Documents and Settings\Randy\Application Data\Mozilla\Firefox\Profiles\9rcldx25.default-1439164470718\searchplugins\zonealarm.xml
    [-] File Deleted : C:\Documents and Settings\Randy\Application Data\Mozilla\Firefox\Profiles\9rcldx25.default-1439164470718\user.js
    [-] File Deleted : C:\Documents and Settings\Randy\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\nemfjadlboooiffmcelkafilagddogim
    [-] File Deleted : C:\WINDOWS\Reimage.ini

    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
    [-] Key Deleted : HKLM\SOFTWARE\Classes\pc-mechanic
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
    [-] Key Deleted : HKCU\Software\ParetoLogic
    [-] Key Deleted : HKCU\Software\speedypc software
    [-] Key Deleted : HKLM\SOFTWARE\Uniblue
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Reimage Repair

    ***** [ Web browsers ] *****

    [-] [C:\Documents and Settings\Randy\Application Data\Mozilla\Firefox\Profiles\9rcldx25.default-1439164470718\prefs.js] [Preference] Deleted : user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=27abd37aee924d718e307fe734112979&tu=10G9y00LF2D33N0&sku=&tstsId=&ver=&&q=");
    [-] [C:\Documents and Settings\Randy\Local Settings\Application Data\Comodo\Chromodo\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Documents and Settings\Randy\Local Settings\Application Data\Comodo\Chromodo\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

    *************************

    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [4928 bytes] ##########


    ================================


    Randy
     
    Last edited: 2015/09/03
  12. 2015/09/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Jrt?..
     
  13. 2015/09/03
    ranatlas

    ranatlas Inactive Thread Starter

    Joined:
    2015/08/01
    Messages:
    66
    Likes Received:
    1
    Hi broni,

    As per my previous post, I was awaiting your reply about AdwCleaner (re: extra text files plus a Quarantine folder found in the AdwCleaner folder) before moving on to the Junkware Removal Tool. I guess you're saying that it's OK to use Junkware Removal Tool now? I'm just trying not to skip ahead of things.
    :)


    Thanks,
    Randy
     
  14. 2015/09/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes. You did fine.
     
  15. 2015/09/04
    ranatlas

    ranatlas Inactive Thread Starter

    Joined:
    2015/08/01
    Messages:
    66
    Likes Received:
    1
    Thank you broni - I will use Junkware Removal Tool next.

    Randy
     
  16. 2015/09/04
    ranatlas

    ranatlas Inactive Thread Starter

    Joined:
    2015/08/01
    Messages:
    66
    Likes Received:
    1
    Below is the log from JRT.txt


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.6.0 (08.31.2015:1)
    OS: Microsoft Windows XP x86
    Ran by Randy on Fri 09/04/2015 at 18:21:56.20
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks

    Successfully deleted: [Task] C:\WINDOWS\Tasks\At1.job



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{410EAFBA-D5A4-0A01-9A7F-57C27CAEB7CD}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{788019A8-7243-E343-0595-B602FAA4B15C}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{410EAFBA-D5A4-0A01-9A7F-57C27CAEB7CD}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{788019A8-7243-E343-0595-B602FAA4B15C}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] C:\Program Files\freefileviewer
    Successfully deleted: [Folder] C:\WINDOWS\System32\ai_recyclebin



    ~~~ FireFox

    Successfully deleted the following from C:\Documents and Settings\Randy\Application Data\mozilla\firefox\profiles\9rcldx25.default-1439164470718\prefs.js

    user_pref(extensions.zonealarm.tlbrSrchUrl, hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=27abd37aee924d718e307fe734112979&tu=10G9y00LF2D33N0&sku=&ts



    ~~~ Chrome


    [C:\Documents and Settings\Randy\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences] - default search provider reset

    [C:\Documents and Settings\Randy\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

    [C:\Documents and Settings\Randy\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

    [C:\Documents and Settings\Randy\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
    []





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 09/04/2015 at 18:26:42.26
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
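The same `extensions.zonealarm.tlbrSrchUrl` pref shows up in both the AdwCleaner log (2015/09/03) and the JRT log (2015/09/04), each reporting it deleted. Firefox rewrites prefs.js from memory when it exits, so a pref removed from the file while the browser is still open comes back at shutdown; that is one reason the cleanup instructions say to close all browsers first. The script below is an added example, not part of this thread and not code from AdwCleaner, JRT or ComboFix: it re-reads a Firefox prefs.js and a Chrome Preferences file after cleanup and flags search-related settings that point at a host outside a small allowlist. The allowlist, the sample inputs and the assumed layout of Chrome's Preferences JSON (`default_search_provider_data.template_url_data.url` on newer builds, `default_search_provider.search_url` on older ones) are assumptions; the sample prefs.js mirrors the zonealarm URL quoted in the logs, kept in its defanged `hxxp` form.

```python
"""Re-check browser search settings after an AdwCleaner/JRT cleanup.

Added example, not part of the forum thread and not code from AdwCleaner,
JRT or ComboFix. Firefox rewrites prefs.js from memory when it exits, so a
pref deleted from the file while the browser was open can reappear; this
script re-reads the files afterwards and flags search-related prefs that
point at hosts outside a small allowlist. All sample inputs are constructed.
"""
import json
import re
from urllib.parse import urlparse

# Assumption: the search engines this user actually chose. Edit to taste.
ALLOWED_SEARCH_HOSTS = {"www.google.com", "duckduckgo.com", "www.bing.com"}

# Firefox prefs.js / user.js lines look like: user_pref("name", value);
_USER_PREF = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\);\s*$')
_SEARCH_KEYWORDS = ("search", "srch", "keyword")


def parse_prefs_js(text):
    """Return {pref_name: raw_value} for every user_pref(...) line."""
    prefs = {}
    for line in text.splitlines():
        m = _USER_PREF.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def host_of(value):
    """Host of a URL value; accepts quoted values and hxxp-defanged logs."""
    value = value.strip().strip('"')
    value = value.replace("hxxp://", "http://").replace("hxxps://", "https://")
    if not value.startswith(("http://", "https://")):
        return None
    return urlparse(value).hostname


def suspicious_firefox_prefs(prefs_text, allowed=ALLOWED_SEARCH_HOSTS):
    """(pref_name, host) for search-related prefs pointing off the allowlist."""
    hits = []
    for name, value in parse_prefs_js(prefs_text).items():
        if not any(k in name.lower() for k in _SEARCH_KEYWORDS):
            continue
        host = host_of(value)
        if host and host not in allowed:
            hits.append((name, host))
    return hits


def suspicious_chrome_search(preferences_text, allowed=ALLOWED_SEARCH_HOSTS):
    """Default search host from a Chrome Preferences JSON if off-allowlist, else None.

    Assumption about the file layout: newer builds keep the engine under
    default_search_provider_data.template_url_data.url, older ones under
    default_search_provider.search_url; both are checked.
    """
    data = json.loads(preferences_text)
    dsp = data.get("default_search_provider_data", {}).get("template_url_data", {})
    url = dsp.get("url") or data.get("default_search_provider", {}).get("search_url", "")
    host = host_of(url)
    if host and host not in allowed:
        return host
    return None


# Constructed sample: the pref both logs above removed, beside two benign prefs.
SAMPLE_PREFS_JS = '''
user_pref("browser.search.defaultenginename", "Google");
user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&q=");
user_pref("browser.startup.homepage", "https://www.google.com/");
'''

# Constructed sample: a Chrome profile whose default engine was switched to ask.com.
SAMPLE_CHROME_PREFERENCES = json.dumps({
    "default_search_provider_data": {
        "template_url_data": {"keyword": "ask.com",
                              "url": "http://www.ask.com/web?q={searchTerms}"}
    }
})

if __name__ == "__main__":
    for name, host in suspicious_firefox_prefs(SAMPLE_PREFS_JS):
        print(f"Firefox: {name} -> {host}")
    chrome_host = suspicious_chrome_search(SAMPLE_CHROME_PREFERENCES)
    if chrome_host:
        print(f"Chrome default search -> {chrome_host}")
```

Run it against the real files with every browser closed; a hit after the cleanup tools have finished means either the pref was written back at browser exit or something still installed is re-creating it, and the next step is to find that installer rather than delete the pref a third time.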
     
  17. 2015/09/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Make sure "word wrap" in Notepad is disabled.

    Next...

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  18. 2015/09/05
    ranatlas

    ranatlas Inactive Thread Starter

    Joined:
    2015/08/01
    Messages:
    66
    Likes Received:
    1
    Everything went fine with ComboFix. Didn't need to use Rkill.
    The Notepad file that opened when the scan was done was called log.txt rather than ComboFix.txt. Here are the contents of the log; "word wrap" is unchecked:


    ComboFix 15-09-03.01 - Randy 09/05/2015 13:24:04.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2495.1930 [GMT -4:00]
    Running from: c:\documents and settings\Randy\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: ZoneAlarm Free Firewall Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
    FW: ZoneAlarm Free Firewall Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Mary Kay\My Documents\~WRD0002.tmp
    c:\documents and settings\Randy\GoToAssistDownloadHelper.exe
    c:\program files\readme.txt
    C:\Thumbs.db
    c:\windows\system32\AegisI5Installer.exe
    c:\windows\system32\drivers\etc\hosts.txt
    c:\windows\wininit.ini
    c:\windows\wmsysprx.prx
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-08-05 to 2015-09-05 )))))))))))))))))))))))))))))))
    .
    .
    2015-09-03 03:30 . 2015-09-03 03:30 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-09-03 03:29 . 2015-09-03 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\RogueKiller
    2015-09-03 02:13 . 2015-09-03 02:13 -------- d-----w- c:\program files\ESET
    2015-09-02 22:49 . 2015-08-11 01:56 313472 ----a-w- c:\windows\system32\aswBoot.exe
    2015-09-02 19:09 . 2008-09-24 14:40 4122368 ----a-r- c:\windows\system32\drivers\alcxwdm.sys
    2015-09-02 19:09 . 2006-10-18 06:53 147456 ----a-w- c:\windows\system32\RtlCPAPI.dll
    2015-09-02 19:09 . 2006-12-08 19:20 10528768 ----a-w- c:\windows\system32\RTLCPL.exe
    2015-09-02 19:08 . 2015-09-02 19:08 -------- d-----w- c:\program files\Realtek AC97
    2015-09-02 19:07 . 2006-07-31 15:27 217088 ----a-w- c:\windows\alcrmv.exe
    2015-09-02 19:07 . 2006-07-31 15:19 315392 ----a-w- c:\windows\alcupd.exe
    2015-09-02 19:02 . 2015-09-02 22:50 -------- d-----w- c:\windows\LastGood
    2015-09-02 03:21 . 2015-09-02 17:42 -------- dc----w- C:\FRST
    2015-08-29 02:14 . 2015-09-01 00:06 -------- d-----w- c:\program files\File Download ActiveX
    2015-08-27 03:30 . 2015-08-28 14:18 -------- d--h--w- c:\windows\$hf_mig$
    2015-08-26 22:30 . 2015-08-26 22:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
    2015-08-26 02:37 . 2015-08-26 02:37 -------- d-----w- c:\documents and settings\All Users\BackupNowEZ
    2015-08-26 02:34 . 2015-08-26 02:34 -------- d-----w- c:\program files\Reason
    2015-08-26 00:56 . 2015-08-26 00:56 -------- d-----w- c:\documents and settings\Randy\Application Data\MPC-HC
    2015-08-25 23:31 . 2015-06-22 13:25 240128 ----a-w- c:\windows\system32\xvidvfw.dll
    2015-08-25 23:31 . 2015-06-22 13:24 655872 ----a-w- c:\windows\system32\xvidcore.dll
    2015-08-25 23:31 . 2015-02-28 15:21 3591680 ----a-w- c:\windows\system32\x264vfw.dll
    2015-08-25 23:31 . 2011-12-07 17:32 216064 ----a-w- c:\windows\system32\lagarith.dll
    2015-08-25 23:31 . 2012-07-21 10:54 122880 ----a-w- c:\windows\system32\ac3acm.acm
    2015-08-25 23:31 . 2015-08-24 18:00 112128 ----a-w- c:\windows\system32\ff_vfw.dll
    2015-08-25 23:18 . 2015-08-25 23:18 -------- dc----w- C:\K-Lite Codec Pack Mega 1140
    2015-08-25 23:15 . 2015-08-25 23:16 -------- dc----w- C:\Codecs from MeGUI
    2015-08-23 12:56 . 2015-08-23 13:22 -------- dc----w- C:\Mom
    2015-08-23 03:07 . 2015-08-23 03:09 -------- dc----w- C:\i386
    2015-08-22 13:01 . 2015-08-22 13:01 -------- d-----w- c:\documents and settings\Sofia.RANDY-821A2FC76\Application Data\Canon
    2015-08-22 13:01 . 2015-08-22 13:01 -------- d-----w- c:\documents and settings\Sofia.RANDY-821A2FC76\Application Data\AVAST Software
    2015-08-19 22:07 . 2015-08-19 22:07 -------- d-----w- c:\documents and settings\Randy\Local Settings\Application Data\FreemakeVideoConverter
    2015-08-19 22:05 . 2015-08-19 22:05 -------- d-----w- c:\program files\Common Files\Freemake Shared
    2015-08-19 22:05 . 2015-08-19 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Freemake
    2015-08-19 22:04 . 2015-08-19 22:05 -------- d-----w- c:\program files\Freemake
    2015-08-18 03:04 . 2015-08-25 23:21 98520 ----a-w- c:\windows\system32\drivers\4A8353F3.sys
    2015-08-12 16:11 . 2015-08-12 16:18 96352 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2015-08-11 16:50 . 2015-08-26 23:24 778440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2015-08-11 16:50 . 2015-08-26 23:24 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2015-08-11 02:20 . 2015-08-11 02:20 -------- d-----w- c:\documents and settings\Randy\Local Settings\Application Data\Privatefirewall
    2015-08-11 02:18 . 2015-08-11 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Privacyware
    2015-08-11 01:58 . 2015-08-11 01:58 -------- d-----w- c:\documents and settings\Randy\Application Data\AVAST Software
    2015-08-11 01:56 . 2015-08-11 01:56 57888 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2015-08-11 01:56 . 2015-08-11 01:56 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2015-08-11 01:56 . 2015-08-11 01:56 433264 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2015-08-11 01:56 . 2015-08-11 01:56 208664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2015-08-11 01:56 . 2015-08-11 01:56 161472 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
    2015-08-11 01:56 . 2015-08-11 01:56 76000 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2015-08-11 01:56 . 2015-08-11 01:56 55200 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2015-08-11 01:56 . 2015-08-11 01:56 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2015-08-11 01:56 . 2015-08-11 01:56 788784 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2015-08-11 01:56 . 2015-08-11 01:56 43112 ----a-w- c:\windows\avastSS.scr
    2015-08-11 01:54 . 2015-08-11 01:54 -------- d-----w- c:\program files\AVAST Software
    2015-08-10 22:22 . 2015-08-10 22:23 -------- dc----w- C:\b51b393cbb54452c6a539ada5b55
    2015-08-10 02:11 . 2015-08-20 19:52 -------- d-----w- c:\documents and settings\Randy\Application Data\Digiarty
    2015-08-10 02:10 . 2015-08-20 19:52 -------- d-----w- c:\program files\Digiarty
    2015-08-10 01:20 . 2015-08-10 20:54 -------- d-----w- c:\program files\Anvisoft
    2015-08-08 21:02 . 2015-08-08 21:02 -------- dc----w- C:\SUPERDelete
    2015-08-08 20:58 . 2015-08-08 20:58 -------- dc----w- C:\AdvancedTechSupport
    2015-08-08 20:48 . 2015-08-09 23:30 -------- d-----w- c:\documents and settings\Randy\Application Data\Panda Security
    2015-08-08 20:47 . 2015-08-09 23:33 -------- d-----w- c:\program files\Panda Security
    2015-08-08 20:46 . 2015-08-09 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
    2015-08-08 19:52 . 2015-09-03 16:03 -------- dc----w- C:\AdwCleaner
    2015-08-08 19:18 . 2015-08-08 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\support.com
    2015-08-08 19:17 . 2015-08-08 19:17 -------- dc----w- C:\temp
    2015-08-08 19:17 . 2015-08-08 21:06 -------- dc----w- C:\stk_downloads
    2015-08-08 16:05 . 2015-08-08 16:46 -------- d-----w- c:\documents and settings\Randy\Application Data\supportdotcom
    2015-08-08 16:05 . 2015-08-09 02:50 -------- d-----w- c:\program files\Common Files\supportdotcom
    2015-08-07 19:47 . 2015-08-10 21:19 -------- d-----w- c:\program files\Alternative Flash Player Auto-Updater
    2015-08-07 04:02 . 2015-08-07 04:02 -------- d-----w- c:\program files\Flash Movie Player
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-09-03 15:18 . 2015-08-01 18:30 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-08-12 16:18 . 2011-07-27 01:52 146432 ----a-w- c:\windows\system32\javacpl.cpl
    2015-08-01 18:30 . 2015-08-01 18:30 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-08-01 18:30 . 2015-08-01 18:30 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-08-01 04:49 . 2015-08-01 04:49 15872 ----a-w- c:\windows\system32\CNHMCA.dll
    2015-08-01 04:49 . 2015-08-01 04:49 103936 ----a-w- c:\windows\system32\CNC_BLU.dll
    2015-08-01 04:49 . 2015-08-01 04:49 321024 ----a-w- c:\windows\system32\CNC_BLL.dll
    2015-08-01 04:49 . 2015-08-01 04:44 86528 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPBL.DLL
    2015-08-01 04:44 . 2015-08-01 04:44 258560 ----a-w- c:\windows\system32\CNCALBL.DLL
    2015-08-01 04:44 . 2015-08-01 04:44 29184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDBL.DLL
    2015-08-01 04:44 . 2015-08-01 04:44 315904 ----a-w- c:\windows\system32\CNMLMBL.DLL
    2015-06-30 06:16 . 2015-06-30 06:16 28032 ----a-w- c:\windows\system32\ssmirrdr.dll
    2015-06-30 06:16 . 2015-06-30 06:16 10112 ----a-w- c:\windows\system32\drivers\ssmirrdr.sys
    2012-05-04 05:07 . 2012-05-04 05:05 22259528 ----a-w- c:\program files\vlc-2.0.1-win32.exe
    2011-08-04 17:31 . 2012-06-06 04:38 898560 ----a-w- c:\program files\MPEG_Streamclip.exe
    2010-08-21 19:10 . 2012-10-01 01:52 429123 ----a-w- c:\program files\setup-Iconoid-x86.exe
    2008-02-29 21:36 . 2013-03-21 13:58 704000 ----a-w- c:\program files\MemoryTest.dll
    2008-02-29 21:10 . 2013-03-21 13:58 260096 ----a-w- c:\program files\SysInfo.dll
    2008-02-29 21:05 . 2013-03-21 13:58 1526272 ----a-w- c:\program files\rmms.exe
    2008-02-29 21:03 . 2013-03-21 13:58 2626560 ----a-w- c:\program files\rmma.exe
    2008-02-29 20:57 . 2013-03-21 13:58 259584 ----a-w- c:\program files\timings.exe
    2007-12-07 16:40 . 2013-03-21 13:58 218624 ----a-w- c:\program files\RMMT.exe
    2005-05-25 14:39 . 2013-03-21 13:58 7168 ----a-w- c:\program files\RTCore64.sys
    2005-05-25 14:39 . 2013-03-21 13:58 4608 ----a-w- c:\program files\RTCore32.sys
    1996-10-31 06:00 . 2015-08-28 13:57 22288 ----a-w- c:\program files\mozilla firefox\plugins\Comcat.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2015-07-29 13:23 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2015-07-29 13:23 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2015-07-29 13:23 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2015-08-05 22:53 189464 ----a-w- c:\documents and settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2015-08-05 22:53 189464 ----a-w- c:\documents and settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2015-08-05 22:53 189464 ----a-w- c:\documents and settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2015-08-05 22:53 189464 ----a-w- c:\documents and settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2015-08-05 22:53 189464 ----a-w- c:\documents and settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2015-08-05 22:53 189464 ----a-w- c:\documents and settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2015-08-05 22:53 189464 ----a-w- c:\documents and settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2015-08-05 22:53 189464 ----a-w- c:\documents and settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2015-08-11 01:56 695096 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-12-01 15524712]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-08-25 6111824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RNX-N180UBE 11n USB Wireless LAN Utility.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RNX-N180UBE 11n USB Wireless LAN Utility.lnk
    backup=c:\windows\pss\RNX-N180UBE 11n USB Wireless LAN Utility.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Randy^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\documents and settings\Randy\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\40FF3EFC13B27ECC4044F143B7F23BA9B0D7A12F._service_run]
    2015-08-28 00:17 815944 ----a-w- c:\program files\Google\Chrome\Application\chrome.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2014-12-19 16:50 1022152 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    2003-09-23 05:06 88363 ----a-w- c:\windows\AGRSMMSG.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2015-03-20 22:12 60712 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvastUI.exe]
    2015-08-25 22:16 6111824 ----a-w- c:\program files\AVAST Software\Avast\avastui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2015-08-01 04:45 2107536 ----a-w- c:\program files\Canon\MyPrinter\BJMyPrt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonQuickMenu]
    2015-08-01 04:46 1279120 ----a-w- c:\program files\Canon\Quick Menu\CNQMMAIN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Core Temp]
    2013-10-08 18:22 794272 ----a-w- c:\program files\Core Temp\Core Temp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox Update]
    2015-08-02 00:28 136048 ----atw- c:\documents and settings\Randy\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2006-10-27 04:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScannerSelectorEX]
    2015-08-01 04:49 452272 ----a-w- c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2015-04-07 04:29 157480 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2012-12-01 04:53 15524712 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2012-12-01 04:53 108392 ----a-w- c:\windows\system32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2012-12-03 15:40 1982312 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2014-10-02 19:23 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2013-10-04 16:29 20145368 ----a-w- c:\windows\RTHDCPL.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2015-06-08 23:08 334896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe]
    2014-02-21 01:40 1994752 ----a-w- c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "File Backup "=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "BackupNowEZtray "= "c:\program files\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" -k
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring "=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe "=
    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe "=
    "c:\\Documents and Settings\\Mary Kay\\Local Settings\\Application Data\\Akamai\\netsession_win.exe "=
    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe "=
    "c:\\WINDOWS\\system32\\dpvsetup.exe "=
    "c:\\Program Files\\Java\\jre7\\bin\\java.exe "=
    "c:\\Program Files\\RNX-N180UBE 11n USB Wireless LAN Utility\\RtWLan.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Documents and Settings\\Randy\\Application Data\\Dropbox\\bin\\Dropbox.exe "=
    "c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4100:UDP "= 4100:UDP:uPNP Router Control Port
    "1542:TCP "= 1542:TCP:Realtek WPS TCP Prot
    "1542:UDP "= 1542:UDP:Realtek WPS UDP Prot
    "53:UDP "= 53:UDP:Realtek AP UDP Prot
    "135:TCP "= 135:TCP:DCOM(135)
    .
    R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [8/10/2015 9:56 PM 49776]
    R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [8/10/2015 9:56 PM 208664]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/10/2015 9:56 PM 788784]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/10/2015 9:56 PM 433264]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [5/23/2013 4:11 PM 142648]
    R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [8/10/2015 9:56 PM 24016]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [8/10/2015 9:56 PM 76000]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [12/2/2011 12:11 PM 12184]
    R3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [8/10/2015 9:56 PM 161472]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/1/2015 2:30 PM 23256]
    S0 hkrwaict;hkrwaict;c:\windows\system32\drivers\xyje.sys --> c:\windows\system32\drivers\xyje.sys [?]
    S2 Freemake Improver;Freemake Improver;c:\documents and settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [8/19/2015 6:05 PM 108032]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [8/1/2015 2:30 PM 1133880]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/5/2015 9:59 PM 1691480]
    S3 eapihdrv;eapihdrv;\??\c:\docume~1\Randy\LOCALS~1\Temp\ehdrv.sys --> c:\docume~1\Randy\LOCALS~1\Temp\ehdrv.sys [?]
    S3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;c:\windows\system32\drivers\m4301A.sys [12/21/2004 4:16 PM 141990]
    S3 RTL8192su;RNX-N180UBE Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys [8/5/2013 6:59 PM 594048]
    S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [6/30/2015 2:16 AM 10112]
    S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [1/27/2013 8:17 PM 16640]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-09-04 04:49 997704 ----a-w- c:\program files\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11 23:24]
    .
    2015-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2015-09-05 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-11 01:56]
    .
    2015-09-05 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-117609710-2000478354-725345543-1003Core.job
    - c:\documents and settings\Randy\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe [2015-08-02 00:28]
    .
    2015-09-05 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-117609710-2000478354-725345543-1003UA.job
    - c:\documents and settings\Randy\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe [2015-08-02 00:28]
    .
    2015-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2015-05-15 17:02]
    .
    2015-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2015-05-15 17:02]
    .
    2015-09-05 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    - c:\windows\system32\xp_eos.exe [2014-03-27 01:59]
    .
    2015-08-09 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    - c:\windows\system32\xp_eos.exe [2014-03-27 01:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.google.com
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{60CF82EE-E530-49B9-87AF-DE2029CC503E}: NameServer = 156.154.70.22,156.154.71.22
    FF - ProfilePath - c:\documents and settings\Randy\Application Data\Mozilla\Firefox\Profiles\9rcldx25.default-1439164470718\
    FF - prefs.js: browser.startup.homepage - www.google.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} - (no file)
    AddRemove-Glary Undelete - c:\program files\Glarysoft\Glary Undelete 5\uninst.exe
    AddRemove-SolveigMM AVI Trimmer 2.0.1210.11 - c:\program files\Solveig Multimedia\SolveigMM AVI Trimmer\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2015-09-05 13:31
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2015-09-05 13:33:35
    ComboFix-quarantined-files.txt 2015-09-05 17:33
    .
    Pre-Run: 421,809,758,208 bytes free
    Post-Run: 421,921,087,488 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 8A1E593FC75BB26BD4D78A30495503F4
    8F558EB6672622401DA993E1E865C861
     
  19. 2015/09/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\xyje.sys
    
    Folder::
    
    Driver::
    hkrwaict
    
    Registry::
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
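    As an added example (not broni's code and not part of ComboFix), here is a small Python triage helper that reads the service/driver lines of a ComboFix log in the format shown in this thread and flags the same kinds of entries the CFScript above removes: a service whose image file is no longer on disk (the `[?]` marker, as with hkrwaict / xyje.sys) or one whose image loads from a Temp directory. The sample lines are copied from the log posted earlier in the thread; the field interpretation (leading R/S = running/stopped, the digit = service start type, 0 meaning boot start) is my reading of the log format, not something the page states.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: service/driver lines in ComboFix's format, copied
# from the log posted in this thread (three benign, two suspicious).
SAMPLE_LOG = r"""
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [8/10/2015 9:56 PM 49776]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/1/2015 2:30 PM 23256]
S0 hkrwaict;hkrwaict;c:\windows\system32\drivers\xyje.sys --> c:\windows\system32\drivers\xyje.sys [?]
S3 eapihdrv;eapihdrv;\??\c:\docume~1\Randy\LOCALS~1\Temp\ehdrv.sys --> c:\docume~1\Randy\LOCALS~1\Temp\ehdrv.sys [?]
S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [6/30/2015 2:16 AM 10112]
"""

# <state><start-type> <name>;<display name>;<image path> [<date> <size>] or
# <image path> --> <resolved path> [?] when the file is missing.
LINE_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")


@dataclass
class ServiceEntry:
    name: str
    display: str
    running: bool        # R = running, S = stopped (assumption about the format)
    start_type: int      # 0 = boot, 1 = system, 2 = auto, 3 = demand (assumption)
    path: str
    file_missing: bool   # ComboFix prints "[?]" when the image is not on disk


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service line; return None for lines of other kinds."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    missing = rest.endswith("[?]")
    # Drop the trailing "[date size]" / "[?]" bracket, then prefer the
    # resolved path on the right of "-->" when ComboFix printed one.
    path = rest.rsplit(" [", 1)[0]
    if " --> " in path:
        path = path.split(" --> ", 1)[1]
    return ServiceEntry(
        name=m.group("name"),
        display=m.group("display"),
        running=m.group("state") == "R",
        start_type=int(m.group("start")),
        path=path,
        file_missing=missing,
    )


def triage(log_text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (service name, image path, reasons) for every entry worth a look."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_service_line(raw)
        if entry is None:
            continue
        reasons = []
        if entry.file_missing:
            reasons.append("image file not found on disk")
        if "\\temp\\" in entry.path.lower():
            reasons.append("image loads from a temporary directory")
        # A boot-start driver with an oddity is the most interesting case,
        # since it loads before most security software does.
        if reasons and entry.start_type == 0:
            reasons.append("boot-start driver (start type 0)")
        if reasons:
            findings.append((entry.name, entry.path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {path}")
        for r in reasons:
            print(f"    - {r}")
```

On the sample above the helper reports only hkrwaict (missing boot-start driver image) and eapihdrv (missing image under a Temp path); the avast, Malwarebytes and ssmirrdr entries pass. It is a reading aid for logs like the ones in this thread, not a replacement for the analyst's judgement about what to remove.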
  20. 2015/09/05
    ranatlas

    ranatlas Inactive Thread Starter

    Joined:
    2015/08/01
    Messages:
    66
    Likes Received:
    1
    OK, 2nd try... ComboFix.txt contents are below my typing.

    Notes:

    This time I had several error messages pop up, pertaining to the registry, and in order to proceed I had to click on OK.

    Also, both times that I ran ComboFix, it did not disconnect my PC from the Internet as soon as it started (as per your instructions), but it did so after it ran, before the log was generated.

    And I think this might be important: According to the beginning of the log, it looks as though my computer "thinks" that ZoneAlarm Free Firewall is enabled. My problems with the lost audio began around the time that I switched to ZoneAlarm from Avast, and then I went back to Avast after removing (or so I thought) ZoneAlarm from my PC. (This was approx. one month ago.) Remnants of ZoneAlarm seem to be on my PC... I have tried looking in Control Panel > Add/Remove Programs but ZoneAlarm is not there.

    And now, ComboFix.txt :


    ComboFix 15-09-03.01 - Randy 09/05/2015 15:45:36.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2495.1954 [GMT -4:00]
    Running from: c:\documents and settings\Randy\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: ZoneAlarm Free Firewall Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
    FW: ZoneAlarm Free Firewall Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-08-05 to 2015-09-05 )))))))))))))))))))))))))))))))
    .
    .
    2015-09-03 03:30 . 2015-09-03 03:30 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-09-03 03:29 . 2015-09-03 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\RogueKiller
    2015-09-03 02:13 . 2015-09-03 02:13 -------- d-----w- c:\program files\ESET
    2015-09-02 22:49 . 2015-08-11 01:56 313472 ----a-w- c:\windows\system32\aswBoot.exe
    2015-09-02 19:09 . 2008-09-24 14:40 4122368 ----a-r- c:\windows\system32\drivers\alcxwdm.sys
    2015-09-02 19:09 . 2006-10-18 06:53 147456 ----a-w- c:\windows\system32\RtlCPAPI.dll
    2015-09-02 19:09 . 2006-12-08 19:20 10528768 ----a-w- c:\windows\system32\RTLCPL.exe
    2015-09-02 19:08 . 2015-09-02 19:08 -------- d-----w- c:\program files\Realtek AC97
    2015-09-02 19:07 . 2006-07-31 15:27 217088 ----a-w- c:\windows\alcrmv.exe
    2015-09-02 19:07 . 2006-07-31 15:19 315392 ----a-w- c:\windows\alcupd.exe
    2015-09-02 19:02 . 2015-09-02 22:50 -------- d-----w- c:\windows\LastGood
    2015-09-02 03:21 . 2015-09-02 17:42 -------- dc----w- C:\FRST
    2015-08-29 02:14 . 2015-09-01 00:06 -------- d-----w- c:\program files\File Download ActiveX
    2015-08-27 03:30 . 2015-08-28 14:18 -------- d--h--w- c:\windows\$hf_mig$
    2015-08-26 22:30 . 2015-08-26 22:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
    2015-08-26 02:37 . 2015-08-26 02:37 -------- d-----w- c:\documents and settings\All Users\BackupNowEZ
    2015-08-26 02:34 . 2015-08-26 02:34 -------- d-----w- c:\program files\Reason
    2015-08-26 00:56 . 2015-08-26 00:56 -------- d-----w- c:\documents and settings\Randy\Application Data\MPC-HC
    2015-08-25 23:31 . 2015-06-22 13:25 240128 ----a-w- c:\windows\system32\xvidvfw.dll
    2015-08-25 23:31 . 2015-06-22 13:24 655872 ----a-w- c:\windows\system32\xvidcore.dll
    2015-08-25 23:31 . 2015-02-28 15:21 3591680 ----a-w- c:\windows\system32\x264vfw.dll
    2015-08-25 23:31 . 2011-12-07 17:32 216064 ----a-w- c:\windows\system32\lagarith.dll
    2015-08-25 23:31 . 2012-07-21 10:54 122880 ----a-w- c:\windows\system32\ac3acm.acm
    2015-08-25 23:31 . 2015-08-24 18:00 112128 ----a-w- c:\windows\system32\ff_vfw.dll
    2015-08-25 23:18 . 2015-08-25 23:18 -------- dc----w- C:\K-Lite Codec Pack Mega 1140
    2015-08-25 23:15 . 2015-08-25 23:16 -------- dc----w- C:\Codecs from MeGUI
    2015-08-23 12:56 . 2015-08-23 13:22 -------- dc----w- C:\Mom
    2015-08-23 03:07 . 2015-08-23 03:09 -------- dc----w- C:\i386
    2015-08-22 13:01 . 2015-08-22 13:01 -------- d-----w- c:\documents and settings\Sofia.RANDY-821A2FC76\Application Data\Canon
    2015-08-22 13:01 . 2015-08-22 13:01 -------- d-----w- c:\documents and settings\Sofia.RANDY-821A2FC76\Application Data\AVAST Software
    2015-08-19 22:07 . 2015-08-19 22:07 -------- d-----w- c:\documents and settings\Randy\Local Settings\Application Data\FreemakeVideoConverter
    2015-08-19 22:05 . 2015-08-19 22:05 -------- d-----w- c:\program files\Common Files\Freemake Shared
    2015-08-19 22:05 . 2015-08-19 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Freemake
    2015-08-19 22:04 . 2015-08-19 22:05 -------- d-----w- c:\program files\Freemake
    2015-08-18 03:04 . 2015-08-25 23:21 98520 ----a-w- c:\windows\system32\drivers\4A8353F3.sys
    2015-08-12 16:11 . 2015-08-12 16:18 96352 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2015-08-11 16:50 . 2015-08-26 23:24 778440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2015-08-11 16:50 . 2015-08-26 23:24 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2015-08-11 02:20 . 2015-08-11 02:20 -------- d-----w- c:\documents and settings\Randy\Local Settings\Application Data\Privatefirewall
    2015-08-11 02:18 . 2015-08-11 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Privacyware
    2015-08-11 01:58 . 2015-08-11 01:58 -------- d-----w- c:\documents and settings\Randy\Application Data\AVAST Software
    2015-08-11 01:56 . 2015-08-11 01:56 57888 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2015-08-11 01:56 . 2015-08-11 01:56 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2015-08-11 01:56 . 2015-08-11 01:56 433264 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2015-08-11 01:56 . 2015-08-11 01:56 208664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2015-08-11 01:56 . 2015-08-11 01:56 161472 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
    2015-08-11 01:56 . 2015-08-11 01:56 76000 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2015-08-11 01:56 . 2015-08-11 01:56 55200 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2015-08-11 01:56 . 2015-08-11 01:56 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2015-08-11 01:56 . 2015-08-11 01:56 788784 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2015-08-11 01:56 . 2015-08-11 01:56 43112 ----a-w- c:\windows\avastSS.scr
    2015-08-11 01:54 . 2015-08-11 01:54 -------- d-----w- c:\program files\AVAST Software
    2015-08-10 22:22 . 2015-08-10 22:23 -------- dc----w- C:\b51b393cbb54452c6a539ada5b55
    2015-08-10 02:11 . 2015-08-20 19:52 -------- d-----w- c:\documents and settings\Randy\Application Data\Digiarty
    2015-08-10 02:10 . 2015-08-20 19:52 -------- d-----w- c:\program files\Digiarty
    2015-08-10 01:20 . 2015-08-10 20:54 -------- d-----w- c:\program files\Anvisoft
    2015-08-08 21:02 . 2015-08-08 21:02 -------- dc----w- C:\SUPERDelete
    2015-08-08 20:58 . 2015-08-08 20:58 -------- dc----w- C:\AdvancedTechSupport
    2015-08-08 20:48 . 2015-08-09 23:30 -------- d-----w- c:\documents and settings\Randy\Application Data\Panda Security
    2015-08-08 20:47 . 2015-08-09 23:33 -------- d-----w- c:\program files\Panda Security
    2015-08-08 20:46 . 2015-08-09 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
    2015-08-08 19:52 . 2015-09-03 16:03 -------- dc----w- C:\AdwCleaner
    2015-08-08 19:18 . 2015-08-08 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\support.com
    2015-08-08 19:17 . 2015-08-08 19:17 -------- dc----w- C:\temp
    2015-08-08 19:17 . 2015-08-08 21:06 -------- dc----w- C:\stk_downloads
    2015-08-08 16:05 . 2015-08-08 16:46 -------- d-----w- c:\documents and settings\Randy\Application Data\supportdotcom
    2015-08-08 16:05 . 2015-08-09 02:50 -------- d-----w- c:\program files\Common Files\supportdotcom
    2015-08-07 19:47 . 2015-08-10 21:19 -------- d-----w- c:\program files\Alternative Flash Player Auto-Updater
    2015-08-07 04:02 . 2015-08-07 04:02 -------- d-----w- c:\program files\Flash Movie Player
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-09-03 15:18 . 2015-08-01 18:30 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-08-12 16:18 . 2011-07-27 01:52 146432 ----a-w- c:\windows\system32\javacpl.cpl
    2015-08-01 18:30 . 2015-08-01 18:30 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-08-01 18:30 . 2015-08-01 18:30 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-08-01 04:49 . 2015-08-01 04:49 15872 ----a-w- c:\windows\system32\CNHMCA.dll
    2015-08-01 04:49 . 2015-08-01 04:49 103936 ----a-w- c:\windows\system32\CNC_BLU.dll
    2015-08-01 04:49 . 2015-08-01 04:49 321024 ----a-w- c:\windows\system32\CNC_BLL.dll
    2015-08-01 04:49 . 2015-08-01 04:44 86528 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPBL.DLL
    2015-08-01 04:44 . 2015-08-01 04:44 258560 ----a-w- c:\windows\system32\CNCALBL.DLL
    2015-08-01 04:44 . 2015-08-01 04:44 29184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDBL.DLL
    2015-08-01 04:44 . 2015-08-01 04:44 315904 ----a-w- c:\windows\system32\CNMLMBL.DLL
    2015-06-30 06:16 . 2015-06-30 06:16 28032 ----a-w- c:\windows\system32\ssmirrdr.dll
    2015-06-30 06:16 . 2015-06-30 06:16 10112 ----a-w- c:\windows\system32\drivers\ssmirrdr.sys
    2012-05-04 05:07 . 2012-05-04 05:05 22259528 ----a-w- c:\program files\vlc-2.0.1-win32.exe
    2011-08-04 17:31 . 2012-06-06 04:38 898560 ----a-w- c:\program files\MPEG_Streamclip.exe
    2010-08-21 19:10 . 2012-10-01 01:52 429123 ----a-w- c:\program files\setup-Iconoid-x86.exe
    2008-02-29 21:36 . 2013-03-21 13:58 704000 ----a-w- c:\program files\MemoryTest.dll
    2008-02-29 21:10 . 2013-03-21 13:58 260096 ----a-w- c:\program files\SysInfo.dll
    2008-02-29 21:05 . 2013-03-21 13:58 1526272 ----a-w- c:\program files\rmms.exe
    2008-02-29 21:03 . 2013-03-21 13:58 2626560 ----a-w- c:\program files\rmma.exe
    2008-02-29 20:57 . 2013-03-21 13:58 259584 ----a-w- c:\program files\timings.exe
    2007-12-07 16:40 . 2013-03-21 13:58 218624 ----a-w- c:\program files\RMMT.exe
    2005-05-25 14:39 . 2013-03-21 13:58 7168 ----a-w- c:\program files\RTCore64.sys
    2005-05-25 14:39 . 2013-03-21 13:58 4608 ----a-w- c:\program files\RTCore32.sys
    1996-10-31 06:00 . 2015-08-28 13:57 22288 ----a-w- c:\program files\mozilla firefox\plugins\Comcat.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
    @= "{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} "
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2015-07-29 13:23 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
    @= "{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} "
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2015-07-29 13:23 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
    @= "{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} "
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2015-07-29 13:23 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
    @= "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2015-08-05 22:53 189464 ----a-w- c:\documents and settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
    @= "{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2015-08-05 22:53 189464 ----a-w- c:\documents and settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
    @= "{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2015-08-05 22:53 189464 ----a-w- c:\documents and settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
    @= "{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2015-08-05 22:53 189464 ----a-w- c:\documents and settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
    @= "{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2015-08-05 22:53 189464 ----a-w- c:\documents and settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
    @= "{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2015-08-05 22:53 189464 ----a-w- c:\documents and settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
    @= "{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2015-08-05 22:53 189464 ----a-w- c:\documents and settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
    @= "{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2015-08-05 22:53 189464 ----a-w- c:\documents and settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @= "{472083B0-C522-11CF-8763-00608CC02F24} "
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2015-08-11 01:56 695096 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2012-12-01 15524712]
    "AvastUI.exe "= "c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-08-25 6111824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SoftwareSASGeneration "= 1 (0x1)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack "= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @=" "
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RNX-N180UBE 11n USB Wireless LAN Utility.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RNX-N180UBE 11n USB Wireless LAN Utility.lnk
    backup=c:\windows\pss\RNX-N180UBE 11n USB Wireless LAN Utility.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Randy^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\documents and settings\Randy\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\40FF3EFC13B27ECC4044F143B7F23BA9B0D7A12F._service_run]
    2015-08-28 00:17 815944 ----a-w- c:\program files\Google\Chrome\Application\chrome.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2014-12-19 16:50 1022152 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    2003-09-23 05:06 88363 ----a-w- c:\windows\AGRSMMSG.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2015-03-20 22:12 60712 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvastUI.exe]
    2015-08-25 22:16 6111824 ----a-w- c:\program files\AVAST Software\Avast\avastui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2015-08-01 04:45 2107536 ----a-w- c:\program files\Canon\MyPrinter\BJMyPrt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonQuickMenu]
    2015-08-01 04:46 1279120 ----a-w- c:\program files\Canon\Quick Menu\CNQMMAIN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Core Temp]
    2013-10-08 18:22 794272 ----a-w- c:\program files\Core Temp\Core Temp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox Update]
    2015-08-02 00:28 136048 ----atw- c:\documents and settings\Randy\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2006-10-27 04:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScannerSelectorEX]
    2015-08-01 04:49 452272 ----a-w- c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2015-04-07 04:29 157480 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2012-12-01 04:53 15524712 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2012-12-01 04:53 108392 ----a-w- c:\windows\system32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2012-12-03 15:40 1982312 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2014-10-02 19:23 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2013-10-04 16:29 20145368 ----a-w- c:\windows\RTHDCPL.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2015-06-08 23:08 334896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe]
    2014-02-21 01:40 1994752 ----a-w- c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "File Backup"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "BackupNowEZtray"="c:\program files\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" -k
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
    "c:\\Documents and Settings\\Mary Kay\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
    "c:\\Program Files\\RNX-N180UBE 11n USB Wireless LAN Utility\\RtWLan.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Documents and Settings\\Randy\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4100:UDP"= 4100:UDP:uPNP Router Control Port
    "1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
    "1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
    "53:UDP"= 53:UDP:Realtek AP UDP Prot
    "135:TCP"= 135:TCP:DCOM(135)
    .
    .
    R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [8/10/2015 9:56 PM 49776]
    R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [8/10/2015 9:56 PM 208664]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/10/2015 9:56 PM 788784]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/10/2015 9:56 PM 433264]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [5/23/2013 4:11 PM 142648]
    R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [8/10/2015 9:56 PM 24016]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [8/10/2015 9:56 PM 76000]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [12/2/2011 12:11 PM 12184]
    R3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [8/10/2015 9:56 PM 161472]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/1/2015 2:30 PM 23256]
    S2 Freemake Improver;Freemake Improver;c:\documents and settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [8/19/2015 6:05 PM 108032]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [8/1/2015 2:30 PM 1133880]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/5/2015 9:59 PM 1691480]
    S3 eapihdrv;eapihdrv;\??\c:\docume~1\Randy\LOCALS~1\Temp\ehdrv.sys --> c:\docume~1\Randy\LOCALS~1\Temp\ehdrv.sys [?]
    S3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;c:\windows\system32\drivers\m4301A.sys [12/21/2004 4:16 PM 141990]
    S3 RTL8192su;RNX-N180UBE Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys [8/5/2013 6:59 PM 594048]
    S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [6/30/2015 2:16 AM 10112]
    S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [1/27/2013 8:17 PM 16640]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-09-04 04:49 997704 ----a-w- c:\program files\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11 23:24]
    .
    2015-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2015-09-05 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-11 01:56]
    .
    2015-09-05 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-117609710-2000478354-725345543-1003Core.job
    - c:\documents and settings\Randy\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe [2015-08-02 00:28]
    .
    2015-09-05 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-117609710-2000478354-725345543-1003UA.job
    - c:\documents and settings\Randy\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe [2015-08-02 00:28]
    .
    2015-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2015-05-15 17:02]
    .
    2015-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2015-05-15 17:02]
    .
    2015-09-05 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    - c:\windows\system32\xp_eos.exe [2014-03-27 01:59]
    .
    2015-08-09 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    - c:\windows\system32\xp_eos.exe [2014-03-27 01:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.google.com
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{60CF82EE-E530-49B9-87AF-DE2029CC503E}: NameServer = 156.154.70.22,156.154.71.22
    FF - ProfilePath - c:\documents and settings\Randy\Application Data\Mozilla\Firefox\Profiles\9rcldx25.default-1439164470718\
    FF - prefs.js: browser.startup.homepage - www.google.com
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2015-09-05 15:54
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3232)
    c:\windows\system32\WININET.dll
    c:\program files\Google\Drive\googledrivesync32.dll
    c:\documents and settings\Randy\Application Data\Dropbox\bin\DropboxExt.27.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2015-09-05 15:56:58
    ComboFix-quarantined-files.txt 2015-09-05 19:56
    ComboFix2.txt 2015-09-05 19:30
    ComboFix3.txt 2015-09-05 17:33
    .
    Pre-Run: 422,417,711,104 bytes free
    Post-Run: 422,415,945,728 bytes free
    .
    - - End Of File - - 11B331496EFAB283828A4E60FC3E32F6
    8F558EB6672622401DA993E1E865C861
     
    Last edited: 2015/09/05
  21. 2015/09/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them to your reply.